Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules
A new malware is identified every fewer than five seconds in today's threat environment, which is changing at a rapid speed. As part of cybercrime, there is a lot of malware activity that can infect the system and make it problematic. Cybercrime is a rapidly growing field, allowing cyber thieve...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Indonesian Society for Knowledge and Human Development
2022
|
| Subjects: | |
| Online Access: | http://umpir.ump.edu.my/id/eprint/34758/ http://umpir.ump.edu.my/id/eprint/34758/1/Hermes%20ransomware%20v2.1%20action%20monitoring.pdf |
| _version_ | 1848824593622499328 |
|---|---|
| author | Yau, Ti Dun Mohd Faizal, Ab Razak Mohamad Fadli, Zolkipli Tan Fui, Fui Bee Ahmad Firdaus, Zainal Abidin |
| author_facet | Yau, Ti Dun Mohd Faizal, Ab Razak Mohamad Fadli, Zolkipli Tan Fui, Fui Bee Ahmad Firdaus, Zainal Abidin |
| author_sort | Yau, Ti Dun |
| building | UMP Institutional Repository |
| collection | Online Access |
| description | A new malware is identified every fewer than five seconds in today's threat environment, which is changing at a rapid speed. As part of cybercrime, there is a lot of malware activity that can infect the system and make it problematic. Cybercrime is a rapidly growing field, allowing cyber thieves to engage in a wide range of damaging activities. Hacking, scams, child pornography, and identity theft are all examples of cybercrime. Cybercrime victims might be single entities or groups of persons who are being targeted for harm. Cybercrime and malware become more hazardous and damaging because of these factors. Subsequent to these factors, there is a need to construct Next Generation Security Operation Centers (NGSOCs). SOC consists of human resources, processes, and technology designed to deal with security events derived from the Security Incident Event Management (SIEM) log analysis. This research examines how Next Generation Security Operation Centers (NGSOCs) respond to malicious activity. This study develops a use case to detect the latest Hermes Ransomware v2.1 malware using complex correlation rules for the SIEM anomalies engine. This study aims to analyze and detect Hermes Ransomware v2.1. As a result, NGSOC distinguishes malware activities' initial stages by halting traffic attempts to download malware. By forwarding logs to SIEM, the use case can support Threat Analyst in finding other Indicators of Compromise (IOC) to assist organizations in developing a systematic and more preemptive approach for ransomware detection. |
| first_indexed | 2025-11-15T03:15:30Z |
| format | Article |
| id | ump-34758 |
| institution | Universiti Malaysia Pahang |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T03:15:30Z |
| publishDate | 2022 |
| publisher | Indonesian Society for Knowledge and Human Development |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | ump-347582022-07-21T07:58:20Z http://umpir.ump.edu.my/id/eprint/34758/ Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules Yau, Ti Dun Mohd Faizal, Ab Razak Mohamad Fadli, Zolkipli Tan Fui, Fui Bee Ahmad Firdaus, Zainal Abidin QA76 Computer software A new malware is identified every fewer than five seconds in today's threat environment, which is changing at a rapid speed. As part of cybercrime, there is a lot of malware activity that can infect the system and make it problematic. Cybercrime is a rapidly growing field, allowing cyber thieves to engage in a wide range of damaging activities. Hacking, scams, child pornography, and identity theft are all examples of cybercrime. Cybercrime victims might be single entities or groups of persons who are being targeted for harm. Cybercrime and malware become more hazardous and damaging because of these factors. Subsequent to these factors, there is a need to construct Next Generation Security Operation Centers (NGSOCs). SOC consists of human resources, processes, and technology designed to deal with security events derived from the Security Incident Event Management (SIEM) log analysis. This research examines how Next Generation Security Operation Centers (NGSOCs) respond to malicious activity. This study develops a use case to detect the latest Hermes Ransomware v2.1 malware using complex correlation rules for the SIEM anomalies engine. This study aims to analyze and detect Hermes Ransomware v2.1. As a result, NGSOC distinguishes malware activities' initial stages by halting traffic attempts to download malware. By forwarding logs to SIEM, the use case can support Threat Analyst in finding other Indicators of Compromise (IOC) to assist organizations in developing a systematic and more preemptive approach for ransomware detection. Indonesian Society for Knowledge and Human Development 2022 Article PeerReviewed pdf en cc_by_sa_4 http://umpir.ump.edu.my/id/eprint/34758/1/Hermes%20ransomware%20v2.1%20action%20monitoring.pdf Yau, Ti Dun and Mohd Faizal, Ab Razak and Mohamad Fadli, Zolkipli and Tan Fui, Fui Bee and Ahmad Firdaus, Zainal Abidin (2022) Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules. International Journal on Advanced Science, Engineering and Information Technology, 12 (3). pp. 1287-1292. ISSN 2088-5334. (Published) https://doi.org/10.18517/ijaseit.12.3.15329 https://doi.org/10.18517/ijaseit.12.3.15329 |
| spellingShingle | QA76 Computer software Yau, Ti Dun Mohd Faizal, Ab Razak Mohamad Fadli, Zolkipli Tan Fui, Fui Bee Ahmad Firdaus, Zainal Abidin Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title | Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title_full | Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title_fullStr | Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title_full_unstemmed | Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title_short | Hermes ransomware v2.1 action monitoring using next generation security operation center (NGSOC) complex correlation rules |
| title_sort | hermes ransomware v2.1 action monitoring using next generation security operation center (ngsoc) complex correlation rules |
| topic | QA76 Computer software |
| url | http://umpir.ump.edu.my/id/eprint/34758/ http://umpir.ump.edu.my/id/eprint/34758/ http://umpir.ump.edu.my/id/eprint/34758/ http://umpir.ump.edu.my/id/eprint/34758/1/Hermes%20ransomware%20v2.1%20action%20monitoring.pdf |