Real Intrusions by Real Attackers, The Truth Behind the Intrusion
Key Takeaways Contact us today for pricing or a demo! Table of Contents: Case Summary Analysts Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command … Read More
Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor … Read More
Key Takeaways The DFIR Report Services → Click here to access the DFIR Lab related to this report ← Five new sigma rules were created from this report and added … Read More
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More
IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activity from a campaign in late September of 2022. Post exploitation activities detail some familiar and … Read More
In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initial access vector. The intrusion lasted two days and comprised discovery, persistence, lateral movement, collection, defense … Read More
As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look … Read More
Intro Towards the end of July, we observed an intrusion that began with IcedID malware and ended in XingLocker ransomware, a Mountlocker variant. XingLocker made its first appearance in early … Read More
Intro In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we … Read More
Intro This report will go through an intrusion that went from an Excel file to domain wide ransomware. The threat actors used BazarCall to install Trickbot in the environment which … Read More
Intro Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) groups over the last couple years. The ransomware family was purported to be behind … Read More
In October of 2020, the group behind the infamous botnet known as Trickbot had a bad few days. The group was under concerted pressure applied by US Cyber Command infiltrating … Read More
Trickbot has been seen often as a payload dropped by other malware like Emotet, and has been seen dropping many payloads, most notably ransomware. But while Emotet sleeps it may … Read More
