SOC Prime Threat Bounty: January 2023 Results

Threat Bounty Publications
The first month of 2023 brought valuable contributions from the Threat Bounty members of the global cyber community. The SOC Prime team received 626 rules for review and verification, submitted by our detection content experts. As a result, 144 rules successfully passed verification and were published on the SOC Prime Platform for monetization, contributing significantly to collective cyber defense.
It is always a good idea to take part in discussions with the SOC Prime community on our Discord server and talk about your detection engineering expertise and your Threat Bounty Program activities.
We strongly encourage Threat Bounty members to follow the Program Terms and Content Requirements to enjoy the most streamlined experience of releasing detections for monetization on the SOC Prime Platform. Threat Bounty members can also follow the recommendations for improving detection content provided by our content experts during verification and, where applicable, apply the suggested changes to their detections.
The main technical requirement for Sigma rules submitted for publishing and monetization with Threat Bounty is that the rule must be behavioral threat detection content. That means you identify and detect cyber threats by analyzing behavior patterns (how a system or process works: creating files and processes and their parent/child relationships, changing registry keys, establishing network connections, and so on) rather than relying on specific indicators of compromise (IOCs) such as IP addresses, file names, malware hashes, and other identifying artifacts. A rule that is meant to be triggered by alerts from other security solutions does not qualify either.
Another critical requirement is that the detection must be unique and must not violate the intellectual property rights of any third party.
TOP Threat Bounty Detection Rules
Suspicious processes and files to bypass MoTW [Mark-of-the-Web] by BlueNoroff Group (via process_creation) threat hunting Sigma rule by Aytek Aytemur detects a suspicious rundll32 process that runs marcoor.dll, a malicious file associated with the BlueNoroff Group.
Possible BlueNoroff group execution when getting/executing payload via shortcut file (via process_creation) threat hunting Sigma rule by Nattatorn Chuensangarun detects suspicious BlueNoroff group activity in which an additional script payload is obtained and executed once the victim double-clicks the shortcut file.
Possible malicious Zoom software installer execution activity via commands associated with detection (via process_creation) threat hunting Sigma rule by Emre Ay detects execution commands associated with the malicious Zoom installer. In this malware campaign, the malicious installer 'ZoomInstallerFull.exe' executes the IcedID Loader, 'maker.dll', using rundll32.exe with the 'init' parameter (export).
Possible exploit attempt detection 'CVE-2023-21752' (via File_Event) threat hunting Sigma rule by Kyaw Pyiyt Htet (Mik0yan) detects the creation of malicious files resulting from attempted exploitation of the Windows Backup Service Elevation of Privilege Vulnerability (CVE-2023-21752).
Another rule by Kyaw is also in the top 5 Threat Bounty rules of the month. Possible system shell session via CVE-2023-21752 associated command detection exploit (via cmdline) threat hunting Sigma rule detects the spawning of an 'NT AUTHORITY\SYSTEM' shell session resulting from an attempt to exploit the Windows Backup Service elevation of privilege vulnerability, CVE-2023-21752.
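The behavioral-versus-IOC requirement above, and the rundll32 pattern shared by several of the top rules (a DLL dropped into a user-writable folder and executed through rundll32.exe with a named export), can be made concrete with a small matcher. The following is an added example written for this page; it is not SOC Prime content, not one of the published rules, and not a Sigma implementation. The rule dictionaries imitate Sigma's `selection`/`filter` blocks and `contains`/`startswith`/`endswith`/`re` modifiers, the `condition` is fixed to `selection and not filter`, and the process_creation events are constructed. The point it makes is the one the requirement makes: the IOC-style rule, keyed to one file name and one hash, stops matching as soon as the payload is renamed and rebuilt, while the behavioral rule keeps matching and still ignores Windows' own legitimate rundll32 use.

```python
import re

# Constructed sample process_creation events (not real telemetry).
EVENTS = [
    {   # Fake installer runs rundll32 on a dropped DLL with the 'init' export
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\maker.dll,init",
        "ParentImage": r"C:\Users\bob\Downloads\ZoomInstallerFull.exe",
        "Hashes": "SHA256=" + "a" * 64,
    },
    {   # Same behaviour after the payload is renamed and rebuilt (new hash)
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Roaming\update.dll,init",
        "ParentImage": r"C:\Users\bob\Downloads\setup.exe",
        "Hashes": "SHA256=" + "b" * 64,
    },
    {   # Benign: Windows itself using rundll32 on a System32 DLL
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
        "ParentImage": r"C:\Windows\explorer.exe",
        "Hashes": "SHA256=" + "c" * 64,
    },
]

# IOC-style rule: one specific file name plus one hash. This is the kind of
# content the program requirements reject, because it detects an artefact.
IOC_RULE = {
    "selection": {
        "CommandLine|contains": "maker.dll",
        "Hashes|contains": "SHA256=" + "a" * 64,
    },
}

# Behavioral rule: rundll32 invoking a named export from a DLL that lives
# under a user profile's AppData. The parent filter drops rundll32 launched by
# Windows binaries; the regex is hypothetical and would need tuning per estate.
BEHAVIOR_RULE = {
    "selection": {
        "Image|endswith": r"\rundll32.exe",
        "CommandLine|re": r"\\users\\[^\\]+\\appdata\\[^ ]*\.dll,\w+",
    },
    "filter": {
        "ParentImage|startswith": "C:\\Windows\\",
    },
}


def _match_field(event, key, patterns):
    """One Sigma-style field test: 'Field|modifier' against a value or list (list = OR)."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()        # Sigma matching is case-insensitive
    if not isinstance(patterns, list):
        patterns = [patterns]
    for p in patterns:
        if modifier == "re":
            if re.search(p, value, re.IGNORECASE):
                return True
            continue
        p = str(p).lower()
        if (modifier == "" and value == p
                or modifier == "contains" and p in value
                or modifier == "startswith" and value.startswith(p)
                or modifier == "endswith" and value.endswith(p)):
            return True
    return False


def _match_block(event, block):
    """All field tests inside a selection/filter block are ANDed, as in Sigma."""
    return all(_match_field(event, k, v) for k, v in block.items())


def run_rule(rule, events):
    """Evaluate 'selection and not filter'; return the indices of matching events."""
    hits = []
    for i, ev in enumerate(events):
        selected = _match_block(ev, rule["selection"])
        filtered = "filter" in rule and _match_block(ev, rule["filter"])
        if selected and not filtered:
            hits.append(i)
    return hits


if __name__ == "__main__":
    print("IOC rule hits:       ", run_rule(IOC_RULE, EVENTS))        # [0]
    print("Behavioral rule hits:", run_rule(BEHAVIOR_RULE, EVENTS))   # [0, 1]
```

The IOC rule fires only on event 0; the renamed payload in event 1 slips past it even though the technique is identical. The behavioral rule fires on events 0 and 1 and stays quiet on event 2, which is what verification is looking for: a rule that describes what the attacker does, not which file they happened to ship this week.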
Top Authors
The Threat Bounty rating is based on analysis of unique SOC Prime user activities with the Threat Bounty rules' detection code and does not include comments or content reviews. The following authors scored highest for their Threat Bounty detections based on analysis of January 2023 activity:
Nattatorn Chuensangarun
Osman Demir
Sittikorn Sangrattanapitak
Emir Erdoğan
Kaan Yeniyol
The average Threat Bounty payout for November is $1,418.
Code your CV in detection engineering and monetize your Blue Team skills. Join SOC Prime Threat Bounty now!