Skip to content
  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
Sunday, September 24, 2023
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team

Category: Attribution

HTML Smuggling Leads to Domain Wide Ransomware
adfind Attribution icedid nokoyawa ransomware

HTML Smuggling Leads to Domain Wide Ransomware

August 28, 2023

We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved … Read More

A Truly Graceful Wipe Out
adfind Attribution cobaltstrike Exfiltrate Data FIN11 FlawedGrace Lace Tempest truebot

A Truly Graceful Wipe Out

June 12, 2023

In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment … Read More

Reports

Threat Intelligence

Detection Rules

Case Artifacts

Mentoring and Coaching

Copyright 2023 | The DFIR Report | All Rights Reserved