Key Takeaways Private Threat Briefs: 20+ private DFIR reports annually. Contact us today for pricing or a demo! Table of Contents: Case Summary Analysts Initial Access Execution Persistence Privilege Escalation Defense … Read More This article has been indexed from The…
Category: The DFIR Report
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery … Read More This article has been indexed from The…
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery … Read More This article has been indexed from The…
KongTuke FileFix Leads to New Interlock RAT Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shift … Read More This article has been indexed from The…
KongTuke FileFix Leads to New Interlock RAT Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shift … Read More This article has been indexed from The…
Hide Your RDP: Password Spray Leads to RansomHub Deployment
Key Takeaways Case Summary This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor attempted … Read More This article has been indexed from The…
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP … Read More This article has been indexed from The…
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP … Read More This article has been indexed from The…
Navigating Through The Fog
Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence… This article has been indexed from…
Navigating Through The Fog
Key Takeaways This article has been indexed from The DFIR Report Read the original article: Navigating Through The Fog
Fake Zoom Ends in BlackSuit Ransomware
Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file … Read More This article has been indexed from The…
Fake Zoom Ends in BlackSuit Ransomware
Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file … Read More This article has been indexed from The…
Confluence Exploit Leads to LockBit Ransomware
Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threat actor … Read More This article has been indexed from The…
Confluence Exploit Leads to LockBit Ransomware
Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threat actor … Read More This article has been indexed from The…
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Key Takeaways Case Summary This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as … Read More This article has been indexed from The…
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Key Takeaways Case Summary This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as … Read More This article has been indexed from The…
The Curious Case of an Egg-Cellent Resume
Key Takeaways Private Threat Briefs: Over 20 private DFIR reports annually. Threat Feed: Focuses on tracking Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, etc. All Intel: Includes everything from … Read More This article has been indexed from The…
Inside the Open Directory of the “You Dun” Threat Group
Key Takeaways The DFIR Report Services Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 … Read More This article has been indexed from The…
Inside the Open Directory of the “You Dun” Threat Group
Key Takeaways The DFIR Report Services Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 … Read More This article has been indexed from The…
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Key Takeaways Table of Contents: Case Summary Services Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact Timeline Diamond … Read More This article has been indexed from The…