Skip to content
  • Analysts
  • Contact Us
  • Services

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Analysts
  • Contact Us
  • Services
Wednesday, June 29, 2022

Category: cobaltstrike

BazarLoader to Conti Ransomware in 32 Hours
bazar cobaltstrike conti

BazarLoader to Conti Ransomware in 32 Hours

September 13, 2021

Intro Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2 2021 Coveware ransomware report. The groups deploying this RaaS have only grown … Read More

Cobalt Strike, a Defender’s Guide
cobaltstrike Tools

Cobalt Strike, a Defender’s Guide

August 29, 2021

Intro In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we … Read More

Trickbot Leads Up to Fake 1Password Installation
cobaltstrike trickbot

Trickbot Leads Up to Fake 1Password Installation

August 16, 2021

Intro  Over the past years, Trickbot has established itself as modular and multifunctional malware. Initially focusing on bank credential theft, the Trickbot operators have extended its capabilities. More recently, Trickbot … Read More

BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
adfind BazarCall cobaltstrike conti ransomware trickbot

BazarCall to Conti Ransomware via Trickbot and Cobalt Strike

August 1, 2021

Intro This report will go through an intrusion that went from an Excel file to domain wide ransomware. The threat actors used BazarCall to install Trickbot in the environment which … Read More

IcedID and Cobalt Strike vs Antivirus
adfind cobaltstrike icedid

IcedID and Cobalt Strike vs Antivirus

July 19, 2021

Intro Although IcedID was originally discovered back in 2017, it did not gain in popularity until the latter half of 2020.  We have now analyzed a couple ransomware cases in … Read More

Hancitor Continues to Push Cobalt Strike
cobaltstrike hancitor

Hancitor Continues to Push Cobalt Strike

June 28, 2021

First observed in 2014, Hancitor (also known as Chanitor and Tordal) is a downloader trojan that has been used to deliver multiple different malware such as Pony, Vawtrak, and DELoader. … Read More

From Word to Lateral Movement in 1 Hour
adfind cobaltstrike icedid

From Word to Lateral Movement in 1 Hour

June 20, 2021

Introduction  In May 2021, we observed a threat actor conducting an intrusion utilizing the IcedID payloads for initial access. They later performed a number of techniques from host discovery to … Read More

Conti Ransomware
cobaltstrike conti icedid ransomware

Conti Ransomware

May 12, 2021

Introduction First seen in May 2020, Conti ransomware has quickly become one of the most common ransomware variants, according to Coveware. As per Coveware’s Quarterly Ransomware Report (Q1 2021), Conti … Read More

Sodinokibi (aka REvil) Ransomware
adfind cobaltstrike icedid ransomware revil Sodinokibi

Sodinokibi (aka REvil) Ransomware

March 29, 2021

Intro Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) groups over the last couple years. The ransomware family was purported to be behind … Read More

Bazar Drops the Anchor
anchor bazar cobaltstrike

Bazar Drops the Anchor

March 8, 2021

Intro The malware identified as Anchor first entered the scene in late 2018 and has been linked to the same group as Trickbot, due to similarities in code and usage … Read More

Posts navigation

Previous 1 2 3 Next

Translate

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Follow us on Twitter

My Tweets

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Proudly powered by WordPress | Theme: FreeNews | By ThemeSpiral.com.