Search Results for “"Restricted Admin Mode"”

gootloader

SEO Poisoning to Domain Control: The Gootloader Saga Continues

editor February 26, 2024

Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More

cobaltstrike Exfiltrate Data ursnif wmiexec

Unwrapping Ursnifs Gifts

editor January 9, 2023

In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobalt Strike being deployed. This was followed by the threat actors moving laterally throughout the environment … Read More

cobaltstrike gootloader lazagne psexec

SEO Poisoning – A Gootloader Story

editor May 9, 2022

In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initial access vector. The intrusion lasted two days and comprised discovery, persistence, lateral movement, collection, defense … Read More

bazar cobaltstrike conti

BazarLoader to Conti Ransomware in 32 Hours

editor September 13, 2021

Intro Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2 2021 Coveware ransomware report. The groups deploying this RaaS have only grown … Read More