unSafe.sh - Unsafe
CONTInuing the Bazar Ransomware Story
In this report we will discuss a case from early August where we witnessed threat actors utiliz...
2021-11-29 11:19:21 | views: 46 | thedfirreport.com
Tags: cobalt, rundll32, windows, github, remote
Exchange Exploit Leads to Domain Wide Ransomware
Intro: In late September, we observed an intrusion in which initial access was gained by the thr...
2021-11-15 11:06:59 | views: 72 | thedfirreport.com
Tags: exchange, microsoft, 31207, 34473, windows
From Zero to Domain Admin
Intro: This report will go through an intrusion from July that began with an email, which included a...
2021-11-01 09:57:41 | views: 57 | thedfirreport.com
Tags: cobalt, rundll32, windows, hancitor, powershell
IcedID to XingLocker Ransomware in 24 hours
Intro: Towards the end of July, we observed an intrusion that began with IcedID malware and ended in...
2021-10-18 10:11:22 | views: 155 | thedfirreport.com
Tags: windows, defender, microsoft, software, powershell
BazarLoader and the Conti Leaks
Intro: In July, we observed an intrusion that started from a BazarLoader infection and lasted approx...
2021-10-04 10:30:53 | views: 75 | thedfirreport.com
Tags: zl, qz, cobalt, windows, network
BazarLoader to Conti Ransomware in 32 Hours
Intro: Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2...
2021-09-13 09:15:57 | views: 114 | thedfirreport.com
Tags: windows, cobalt, dllhost, powershell, beacon
Cobalt Strike, a Defender’s Guide
Intro: In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well a...
2021-08-30 08:36:36 | views: 78 | thedfirreport.com
Tags: cobalt, trojan, c2, beacon, remote
Trickbot Deploys a Fake 1Password Installer
Intro: Over the past years, Trickbot has established itself as modular and multifunctional malwa...
2021-08-16 09:16:38 | views: 61 | thedfirreport.com
Tags: windows, siksf, nhmveo, runonce, aqvmr
Trickbot Leads Up to Fake 1Password Installation
Intro: Over the past years, Trickbot has established itself as modular and multifunctional malwa...
2021-08-16 09:16:38 | views: 30 | thedfirreport.com
Tags: windows, siksf, nhmveo, runonce, aqvmr
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
Intro: This report will go through an intrusion that went from an Excel file to domain wide ranso...
2021-08-02 07:47:29 | views: 69 | thedfirreport.com
Tags: windows, sigma, github, sigmahq, powershell
IcedID and Cobalt Strike vs Antivirus
Intro: Although IcedID was originally discovered back in 2017, it did not gain in popularity unti...
2021-07-19 09:25:47 | views: 107 | thedfirreport.com
Tags: cobalt, adfind, icedid, beacon, windows
Hancitor Continues to Push Cobalt Strike
First observed in 2014, Hancitor (also known as Chanitor and Tordal) is a downloader trojan tha...
2021-06-28 10:28:27 | views: 155 | thedfirreport.com
Tags: rundll32, cobalt, c2, hancitor, beacon
From Word to Lateral Movement in 1 Hour
Introduction: In May 2021, we observed a threat actor conducting an intrusion utilizing the Iced...
2021-06-21 08:27:55 | views: 223 | thedfirreport.com
Tags: icedid, testsubnet, wuauclt, powershell, adfind
WebLogic RCE Leads to XMRig
Intro: This report will review an intrusion where the threat actor took advantage of a WebLogic...
2021-06-03 09:57:26 | views: 209 | thedfirreport.com
Tags: powershell, weblogic, payload, attacker, 14882
Conti Ransomware
Introduction: First seen in May 2020, Conti ransomware has quickly become one of the most common...
2021-05-12 10:20:17 | views: 208 | thedfirreport.com
Tags: windows, tempora, cobalt, ut, temporibus
Trickbot Brief: Creds and Beacons
Intro: “TrickBot malware—first identified in 2016—is a Trojan developed and operated by a sophis...
2021-05-03 08:42:46 | views: 168 | thedfirreport.com
Tags: 449, cobalt, c2, beacon, rundll32
Sodinokibi (aka REvil) Ransomware
Intro: Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) gr...
2021-03-29 09:43:09 | views: 177 | thedfirreport.com
Tags: domainname, exchange
Bazar Drops the Anchor
Intro: The malware identified as Anchor first entered the scene in late 2018 and has been linked...
2021-03-08 11:09:34 | views: 115 | thedfirreport.com
Tags: microsoft, anchordns, windows, anchor, cobalt
Laravel Apps Leaking Secrets
An attacker logged in through RDP a few days ago to run a “smtp cracker” that scans a list of IP...
2021-03-01 03:54:02 | views: 130 | thedfirreport.com
Tags: cracker, attacker, sendgrid, partial, twilio
Bazar, No Ryuk?
Intro: In the fall of 2020, Bazar came to prominence when several campaigns delivered Ryuk ransom...
2021-02-01 08:58:23 | views: 102 | thedfirreport.com
Tags: cobalt, windows, bazar, powershell, rundll32