The DFIR Report: Real Intrusions by Real Attackers, The Truth Behind the Intrusion
- Inside the Open Directory of the “You Dun” Threat Group, by editor on October 28, 2024 at 1:05 am
Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 …
- Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware, by editor on September 30, 2024 at 12:45 am
Table of Contents: Case Summary, Analysts, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command …
- BlackSuit Ransomware, by editor on August 26, 2024 at 12:30 am
In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor …
- Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts, by editor on August 12, 2024 at 1:46 am
Table of Contents: Summary, Analysts, Adversary Infrastructure, Capability, Victim, Indicators. Summary: In this report, we delve into …
- IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment, by editor on June 10, 2024 at 12:44 am
Five new Sigma rules were created from this report and added …
- From IcedID to Dagon Locker Ransomware in 29 Days, by editor on April 29, 2024 at 1:21 am
In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
- From OneNote to RansomNote: An Ice Cold Intrusion, by editor on April 1, 2024 at 12:04 am
We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, …
- Threat Brief: WordPress Plugin Exploit Leads to Godzilla Web Shell, Discovery & New CVE, by editor on March 4, 2024 at 1:22 am
Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 20 detailed Threat Briefs, which follow a format similar to the one below. Typically, …
- SEO Poisoning to Domain Control: The Gootloader Saga Continues, by editor on February 26, 2024 at 12:39 am
More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be …
- Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours, by editor on January 29, 2024 at 12:52 am
In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On …