SOC Prime

SesameOp Backdoor Detection: Microsoft Discovers New Malware Abusing OpenAI Assistants API in Cyber-Attacks | SOC Prime Detect SesameOp backdoor, a novel malware that exploits OpenAI Assistants API as a stealth C2 channel, with a curated Sigma rule from SOC Prime Platform.

A novel SesameOp backdoor abuses OpenAI Assistants API as a stealth C2 channel in recent malware attacks. Proactively defend against potential intrusions with a new Sigma rule available in our SOC Prime Platform.

socprime.com/blog/sesameo...

SOC Prime has secured strategic investment to accelerate AI-powered cyber defense transformation.

socprime.com/news/soc-pri...

SOC Prime Marks 5 Years of Continuous SOC 2 Type II Compliance | SOC Prime SOC Prime completes the SOC 2 Type II audit for the fifth consecutive year, proving our commitment to high cybersecurity standards.

Security isn’t a checkbox — it’s who we are. SOC Prime has achieved SOC 2 Type II compliance for the 5th year in a row, proving our continued dedication to the highest security standards.

👉 Read more: socprime.com/news/soc-pri...

CVE-2025-59287 Detection: A Critical Unauthenticated RCE Vulnerability in Microsoft WSUS Under Active Exploitation | SOC Prime Detect CVE-2025-59287 exploitation attempts, a new critical RCE vulnerability in Microsoft WSUS, with curated Sigma rules from SOC Prime Platform.

CVE-2025-59287, a new critical RCE vulnerability in Microsoft WSUS systems, is under active exploitation. With a PoC out, rapid detection is a must. Timely spot exploitation attempts with curated detections from SOC Prime Platform.
socprime.com/blog/cve-202...

Struggling to tackle a technical challenge, issue, or task in SIEM, EDR, or Data Lake? Check out Knowledge Bits by SOC Prime experts for crisp, actionable insights to solve common hurdles.

🔗 socprime.com/blog/#knowle...

MITRE Attack Flow v3.0.0 | SOC Prime Learn how MITRE Attack Flow v3.0.0 empowers security teams to visualize, analyze, and defend against complex threats with insights from SOC Prime Blog.

Complex attacks don’t follow a straight line — are you seeing the full chain?

Attack Flow v3.0.0 by Center for Threat-Informed Defense is a game-changing approach to visualizing threat behavior. SOC Prime takes it further.

🔗 socprime.com/blog/attack-...

#mirte #cybersecurity #threatintelligence

UAC-0239 Activity Detection: Targeted Spearphishing Attacks Against Defense Forces and State Bodies of Ukraine via the OrcaC2 Framework and FILEMESS Stealer  | SOC Prime Detect UAC-0239 activity against defense and state agencies via OrcaC2 framework and FILEMESS stealer with Sigma rules from SOC Prime Platform.

CERT-UA reports a new spearphishing campaign by UA-0239 targeting the Ukrainian Defense Forces and local government bodies, deploying OrcaC2 and FILEMESS stealer. Detect attacks with curated Sigma rules available in the SOC Prime Platform.
socprime.com/blog/uac-023...

CVE-2025-10035 Detection: Storm-1175 Exploits a Critical Fortra GoAnywhere MFT Vulnerability to Deploy Medusa Ransomware | SOC Prime Detect CVE-2025-10035 exploitation attempts, a critical GoAnywhere vulnerability used by the Storm-1175 group, with Sigma rules from SOC Prime Platform.

Storm-1175 group exploits CVE-2025-10035, a critical GoAnywhere MFT vulnerability enabling command injection & RCE, followed by deployment of Medusa ransomware. Stay ahead of the threat with curated detection content from SOC Prime Platform.
socprime.com/blog/detect-...

CVE-2025-61882 Vulnerability Detection: A Critical Oracle E-Business Suite Zero-Day Exploited in Cl0p Data Theft Attacks | SOC Prime Detect CVE-2025-61882 exploitation attempts, a critical zero-day vulnerability in Oracle EBS, using Sigma rules in the SOC Prime Platform.

Oracle has released an emergency update to address a critical RCE vulnerability (CVE-2025-61882) in its E-Business Suite, which has been actively exploited in recent Cl0p ransomware data theft attacks.
socprime.com/blog/cve-202...
#cybersecurity #infosec

AI ransomware on the rise! FunkLocker is a new AI-based ransomware strain by FunkLocker that has already hit 100+ organizations in the U.S., Europe, and Asia. Stay ahead of ransomware attacks with curated detection rules from SOC Prime Platform.
buff.ly/IJ3ZSFG
#cybersecurity #infosec

CERT-UA warns defenders of targeted attacks against the Ukrainian military entities by the UAC-0245 threat group using CABINETRAT backdoor spread via Excel XLL add-ins shared over Signal. Detect malicious activity with Sigma rules in the SOC Prime Platform.
buff.ly/9cI0sZH
#cybersecurity #infosec

SOC Prime’s Center of Excellence for Amazon AWS Rely on the power of SOC Prime & AWS to drive a transformational change in cyber defense backed by zero-trust and cost-efficient security operations.

Rely on zero-trust, multi-cloud, and cost-efficient security operations backed by AWS and SOC Prime innovation to future-proof your cyber resilience.
my.socprime.com/amazon-web-s...

BRICKSTORM Malware Detection: UNC5221 and Related China-Backed Actors Target U.S. Legal and Tech Sectors | SOC Prime Detect BRICKSTORM malware used in stealthy attacks by UNC5221 to target U.S. legal and tech firms with Sigma rules from SOC Prme Platform.

Detect BRICKSTORM, a stealthy backdoor used by China-nexus UNC5221 APT in targeted cyber-espionage campaigns against U.S. legal & tech firms, with the latest CTI and curated Sigma rules in the SOC Prime Platform.

socprime.com/blog/brickst...

LTIMindtree saved 4,000 hours per year on threat research and detection content coding using SOC Prime Platform.

Explore more at: socprime.com/customer-suc...

CISA Alert AA25-266A: Detecting Malicious Activity Linked to the U.S. Federal Agency Breach via Unpatched GeoServer (CVE-2024-36401) | SOC Prime Detect attacks exploiting CVE-2024-36401, linked to the U.S. federal agency breach covered in CISA’s AA25-266A alert, with Sigma rules from SOC Prime.

The latest CISA alert warns of a major threat posed by CVE-2024-36401, an unauthenticated RCE vulnerability in GeoServer exploited to breach a U.S. federal agency. Detect related TTPs using a set of Sigma rules in the SOC Prime Platform.
socprime.com/blog/detect-...
#cybersecurity #infosec

Whether you're searching by threat actors, TTPs, CVE IDs, log source names, event IDs, or any other query, Light Search helps you find exactly what you need across the world's largest library on detection algorithms.

Start now: tdm.socprime.com/light-search/

Discover prioritized SIEM use cases with Attack Detective. Save time and effort to seamlessly configure and deploy them to generate low-noise, high-value alerts tailored to your threat profile.

my.socprime.com/rules-for-al...

Outsmart adversaries with SOC Prime's hands-on training based on real-life scenarios. Dive into critical concepts, improve practical skills, and accelerate threat hunting and detection engineering maturity through enhanced expertise.

Learn more: my.socprime.com/detection-en...

Maranhão Stealer Detection: New Node.js-Based Information-Stealing Malware Applies Reflective DLL Injection | SOC Prime Detect Maranhão stealer that uses reflective DLL injection to steal login credentials with curated Sigma rules from SOC Prime Platform.

Maranhão Stealer targets gamers via cloud-hosted pirated software, using social engineering, reflective DLL injection, and advanced stealth methods to hijack credentials and crypto wallets. Detect attacks with Sigma rules from SOC Prime Platform.
socprime.com/blog/maranha...
#cybersecurity

Deliver high-margin, scalable services to new and existing customers while relying on your in-house engineering team. Learn how to empower your #MDR offerings with SOC Prime’s cutting-edge technologies.

my.socprime.com/mdr-partners/
#MSSP #SOC #SOCservices #cybersecurity #BlueTeam

The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations | SOC Prime Detect the Gentlemen ransomware used in a new advanced adversary campaign against global organizations with Sigma rules from SOC Prime Platform.

The new Gentlemen ransomware group exploits privileged accounts and evades defenses with advanced techniques targeting critical organizations in 17+ countries. Proactively detect ransomware attacks with curated Sigma rules from SOC Prime Platform.
buff.ly/Apfdhao
#cybersecurity #infosec

Knowledge Bits are bite-sized insights by SOC Prime experts to resolve common SIEM, EDR, and Data Lake hurdles.
🔸 Dive in now: buff.ly/B3QYjMs

MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems | SOC Prime Detect MostereRAT that employs advanced evasion techniques and is deployed via AnyDesk and TightVNC with Sigma rules from SOC Prime Platform.

Detect MostereRAT attacks, a stealthy phishing-driven threat leveraging AnyDesk and TightVNC to sustain long-term control over compromised Windows systems, using Sigma rules in the SOC Prime Platform.
buff.ly/YDwd2WN

What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010 | SOC Prime Exfiltration is a common MITRE ATT&CK tactic used by attackers to steal sensitive data. Explore key concepts and how to detect dangerous data leaks.

Check out our guide on the MITRE ATT&CK® Exfiltration tactic, featuring top detection & prevention methods, plus relevant Sigma rules.

Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains | SOC Prime Detect Lazarus Group attacks leveraging PondRAT, ThemeForestRAT, and RemotePE RATs using a set of Sigma rules in the SOC Prime Platform.

North Korea’s Lazarus Group is back with new tricks! Hackers rely on social engineering, exploit suspected Chrome zero-day to deploy new RATs targeting financial and crypto sectors. Detect associated malicious activity with Sigma rules in the SOC Prime Platform. socprime.com/blog/detect-...

Obtain Rules for Alerting with SOC Prime’s Attack Detective Rely on SOC Prime’s product suite to obtain prioritized SIEM rules generating low-noise, high-value alerts for comprehensive threat detection.

Obtain prioritized SIEM rules perfectly aligned with your threat profile to generate low-noise alerts for comprehensive threat detection.

Strengthening Cybersecurity in the Finance Industry Equipped with SOC Prime's Solutions | SOC Prime Dive into the financial cyber threat landscape and explore how SOC Prime helps boost cyber defense for organizations in the financial sector.

Learn about the most critical financial industry threats and explore how SOC Prime helps overcome them.

Obtain an expertly packaged threat hunting service to outscale cyber threats. Let our team proactively hunt for both insider and external threats while optimizing detection and logging for more resilient defense.

Learn more: buff.ly/0xj3laH

Leading #MDR providers rely on SOC Prime to address the technical debt & customer churn risks and embark on a seamless success journey with high-margin scalable services. Learn more:

buff.ly/Yep9d48

Join the SOC Prime Cybersec Community Discord Server! Server for cybersecurity professionals to connect, network, master Sigma, participate in Threat Bounty and so much more! | 2938 members

Join SOC Prime's Discord community to be the first to know about emerging threats and network with cybersecurity experts.

Start now: discord.gg/ec6JQbPbzb