Search Results for “nokoyawa”

IcedID Macro Ends in Nokoyawa Ransomware

editor May 22, 2023

Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can … Read More

alphv cobaltstrike icedid ransomware

IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment

editor June 10, 2024

Key Takeaways The DFIR Report Services → Click here to access the DFIR Lab related to this report ← Five new sigma rules were created from this report and added … Read More

adfind Exfiltrate Data icedid nokoyawa ransomware

From OneNote to RansomNote: An Ice Cold Intrusion

editor April 1, 2024

Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More

adfind Attribution icedid nokoyawa ransomware

HTML Smuggling Leads to Domain Wide Ransomware

editor August 28, 2023

We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved … Read More

adfind Attribution cobaltstrike Exfiltrate Data FIN11 FlawedGrace Lace Tempest truebot

A Truly Graceful Wipe Out

editor June 12, 2023

In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment … Read More