
About Cybereason Global SOC Team

The Cybereason Global SOC Team delivers 24/7 Managed Detection and Response services to customers on every continent. Led by cybersecurity experts with experience working for government, the military and multiple industry verticals, the Cybereason Global SOC Team continuously hunts for the most sophisticated and pervasive threats to support our mission to end cyberattacks on the endpoint, across the enterprise, and everywhere the battle moves.

All posts by Cybereason Global SOC Team

THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems

This report provides unique insight into SocGholish and Zloader attacks and provides an overview of the common tactics and techniques in SocGholish infections...

April 25, 2022 / 14 minute read

THREAT ALERT: Emotet Targeting Japanese Organizations

The surge of Emotet attacks targeting Japanese organizations in the first quarter of 2022 is a continuation of the earlier Emotet activity, with some changes in the malware deployment process. The Cybereason XDR Platform detects and blocks Emotet malware...

March 7, 2022 / 3 minute read

THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot

The Cybereason GSOC delivers details on three recently observed attack scenarios where fast-moving malicious actors used the malware loaders IcedID, QBot and Emotet to deploy the Cobalt Strike framework on the compromised systems...

February 10, 2022 / 13 minute read

THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool

This report provides analysis on the evolution of configuration and implementation aspects of the StealBit malware developed by the LockBit ransomware group to exfiltrate sensitive data from targets for double extortion purposes...

December 16, 2021 / 20 minute read

THREAT ALERT: The Return of Emotet

Since the first Twitter post about this most recent discovery, the team at G DATA and the Cybereason SOC team have seen multiple Emotet samples in the wild, particularly between November 21-23, confirming that Emotet is reemerging...

December 9, 2021 / 3 minute read

THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware

The ITG23 group is partnering with the TA551 (Shathak) threat group to distribute ITG23's TrickBot and BazarBackdoor malware, which attackers use to deploy Conti ransomware on compromised systems...

November 9, 2021 / 9 minute read

THREAT ANALYSIS REPORT: Snake Infostealer Malware

This report provides an overview of key features of the Snake malware and similarities discovered in the staging mechanisms with two other information-stealing malware variants, FormBook and Agent Tesla...

October 28, 2021 / 16 minute read

THREAT ALERT: Malicious Code Implant in the UAParser.js Library

A threat actor has implanted malicious code in UAParser.js, a JavaScript library that parses User-Agent data; the implanted code deploys cryptocurrency-mining and information-stealing malware on compromised systems...

October 27, 2021 / 3 minute read

Running Robust Managed Detection and Response Services

Looking into how the SOC fits into the business in addition to identifying the specific use-cases will help a team define and create an effective operation and service delivery...

October 4, 2021 / 6 minute read

Threat Analysis Report: Inside the Destructive PYSA Ransomware

The PYSA ransomware gang uses tools like Koadic, PsExec and Mimikatz for credential theft and lateral movement before executing PowerShell scripts that stop or remove system security mechanisms like Windows Defender...

September 27, 2021 / 10 minute read

Threat Analysis Report: PrintNightmare and Magniber Ransomware

The Cybereason GSOC Team details infections with a recent version of the Magniber ransomware in which the initial attack vector is the exploitation of the notorious PrintNightmare vulnerability...

September 22, 2021 / 15 minute read

THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability

The Cybereason GSOC Managed Detection and Response (MDR) team is investigating CVE-2021-40444, a critical vulnerability in the Microsoft Hypertext Markup Language (MSHTML) web content rendering engine that Microsoft Office applications use...

September 10, 2021 / 3 minute read

THREAT ALERT: Microsoft Exchange ProxyShell Exploits and LockFile Ransomware

The exploitation of the ProxyShell vulnerabilities enables attackers to execute arbitrary commands on compromised systems, which may lead to full system compromise and/or the deployment of malware...

August 30, 2021 / 3 minute read

THREAT ALERT: PrintNightmare Critical Vulnerability in Windows Print Spooler

PrintNightmare is a critical vulnerability in the Windows Print Spooler service that allows attackers to execute arbitrary code on target systems with administrative privileges...

July 2, 2021 / 3 minute read

THREAT ALERT: SolarMarker Backdoor

SolarMarker enables attackers to execute commands, PowerShell scripts, and Windows executables on compromised systems, and to deploy additional malware...

June 23, 2021 / 3 minute read

THREAT ALERT: LemonDuck Crypto-Mining Malware

LemonDuck is cryptocurrency-mining malware that, in addition to mining, spreads through a network after the initial infection in order to increase the number of systems participating in its mining pool...

May 19, 2021 / 3 minute read

THREAT ALERT: N3tw0rm Ransomware Campaign

The campaign uses a disk space filler utility, a scenario not typical for ransomware: the utility continuously writes files to a victim's hard disk volumes until no free disk space is left available...

May 10, 2021 / 2 minute read