Tag: The DFIR Report

Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence… This article has been indexed from…

Read more →

Key Takeaways This article has been indexed from The DFIR Report Read the original article: Navigating Through The Fog

Read more →

Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file … Read More This article has been indexed from The…

Read more →

Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file … Read More This article has been indexed from The…

Read more →

Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threat actor … Read More This article has been indexed from The…

Read more →

Key Takeaways Case Summary This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as … Read More This article has been indexed from The…

Read more →

Key Takeaways The DFIR Report Services Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 … Read More This article has been indexed from The…

Read more →

Key Takeaways Table of Contents: Case Summary Services Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact Timeline Diamond … Read More This article has been indexed from The…

Read more →

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor … Read More This article has been indexed from The…

Read more →

Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! Table of Contents: Summary Analysts Adversary Infrastructure Capability Victim Indicators Summary In this report, we delve into … Read More This article has been indexed from The…

Read more →

Key Takeaways The DFIR Report Services →Click here to access the DFIR Lab related to this report← New DFIR Labs case available today based on this report! Check it out … Read More This article has been indexed from The…

Read more →

Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More The post From IcedID to Dagon Locker…

Read more →

Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More The post From OneNote to RansomNote: An…

Read more →

Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 50 detailed Threat Briefs, which follow a format similar to the below. Typically, … Read More The post Threat Brief: WordPress Plugin Exploit…

Read more →

Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 50 detailed Threat Briefs, which follow a format similar to the below. Typically, … Read More The post Threat Brief: WordPress Exploit Leads…

Read more →

Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More The post SEO Poisoning to Domain Control:…

Read more →

Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On … Read More The post Buzzing on Christmas Eve: Trigona…

Read more →

This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In … Read More The post Lets Open(Dir) Some Presents: An…

Read more →

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More The post SQL Brute Force Leads to…

Read more →

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More The post SQL Brute Force leads to…

Read more →

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More The post NetSupport Intrusion Results in Domain…

Read more →

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More The post Netsupport Intrusion Results in Domain…

Read more →