Category: The DFIR Report

The Curious Case of an Egg-Cellent Resume

Key Takeaways Private Threat Briefs: Over 20 private DFIR reports annually. Threat Feed: Focuses on tracking Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, etc. All Intel: Includes everything from … Read More This article has been indexed from The…

Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

Key Takeaways Table of Contents: Case Summary Services Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact Timeline Diamond … Read More This article has been indexed from The…

Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

Key Takeaways Table of Contents: Case Summary Services Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact Timeline Diamond … Read More This article has been indexed from The…

BlackSuit Ransomware

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor … Read More This article has been indexed from The…

BlackSuit Ransomware

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor … Read More This article has been indexed from The…

From IcedID to Dagon Locker Ransomware in 29 Days

Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More The post From IcedID to Dagon Locker…

From OneNote to RansomNote: An Ice Cold Intrusion

Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More The post From OneNote to RansomNote: An…

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On … Read More The post Buzzing on Christmas Eve: Trigona…

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On … Read More The post Buzzing on Christmas Eve: Trigona…

SQL Brute Force Leads to BlueSky Ransomware

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More The post SQL Brute Force Leads to…

SQL Brute Force leads to Bluesky Ransomware

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More The post SQL Brute Force leads to…

NetSupport Intrusion Results in Domain Compromise

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More The post NetSupport Intrusion Results in Domain…

NetSupport Intrusion Results in Domain Compromise

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More The post NetSupport Intrusion Results in Domain…

Netsupport Intrusion Results in Domain Compromise

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More The post Netsupport Intrusion Results in Domain…