The DFIR Report Real Intrusions

Real Intrusions by Real Attackers, The Truth Behind the Intrusion.


  • Fake Zoom Ends in BlackSuit Ransomware
    by editor on March 31, 2025 at 12:01 am

    Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file …

  • Confluence Exploit Leads to LockBit Ransomware
    by editor on February 24, 2025 at 12:06 am

    Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threat actor …

  • Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
    by editor on January 27, 2025 at 1:42 am

    Key Takeaways Case Summary This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as …

  • The Curious Case of an Egg-Cellent Resume
    by editor on December 2, 2024 at 1:50 am

    Key Takeaways Private Threat Briefs: Over 20 private DFIR reports annually. Threat Feed: Focuses on tracking Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, etc. All Intel: Includes everything from …

  • Inside the Open Directory of the “You Dun” Threat Group
    by editor on October 28, 2024 at 1:05 am

    Key Takeaways The DFIR Report Services Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 …

  • Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
    by editor on September 30, 2024 at 12:45 am

    Key Takeaways Contact us today for pricing or a demo! Table of Contents: Case Summary Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command …

  • BlackSuit Ransomware
    by editor on August 26, 2024 at 12:30 am

    Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor …

  • Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
    by editor on August 12, 2024 at 1:46 am

    Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! Table of Contents: Summary Analysts Adversary Infrastructure Capability Victim Indicators Summary In this report, we delve into …

  • IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
    by editor on June 10, 2024 at 12:44 am

    Key Takeaways The DFIR Report Services → Click here to access the DFIR Lab related to this report ← Five new sigma rules were created from this report and added …

  • From IcedID to Dagon Locker Ransomware in 29 Days
    by editor on April 29, 2024 at 1:21 am

    Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
