Through-out our investigations we gather numerous artifacts such as files, memory captures, event logs, PCAPs, ransomware samples, Kape packages, etc. for each of our cases. We also acquire dropped files through-out the month that don’t make it into our reports.
We make these artifacts available to security researchers and organizations who can benefit from it. Some companies use our artifacts to test their own security and others use it to protect their customers. Some CERTs and governments use our artifacts to protect countries, states, and locals.
To access current or past artifacts please sign up for the most appropriate tier below:
You’re a security researcher who wants to analyze artifacts for learning and/or fun and is not doing so on behalf of an organization (see the next tier). The following artifacts will be shared with the subscriber:
You’re an organization who uses our artifacts and/or reports for profit or you protect your organization using our work. This tier covers security companies, security teams within companies, CERTs, governments, etc. Includes priority support and Q&A. This tier receives access to all artifacts. If you need a receipt for this purchase please use the Contact Us page to get in touch.
Early Access to Artifacts
Artifacts are usually not posted until the accompanying report is posted which could be weeks after the intrusion. This tier will get access to artifacts as soon as they are collected as well as priority support and Q&A. If you need a receipt for this purchase please use the Contact Us page to get in touch.
If you are interested in a specific case please message us using Contact Us after signing up. Case numbers are located at the bottom of each report.
Here are a few examples of the artifacts we collect: