Skip to content
  • Analysts
  • Contact Us
  • Services
  • Subscribe

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Analysts
  • Contact Us
  • Services
  • Subscribe
Monday, March 20, 2023

Category: Kerberoast

Dead or Alive? An Emotet Story
adfind cobaltstrike emotet Exfiltrate Data Kerberoast ShareFinder

Dead or Alive? An Emotet Story

September 12, 2022

In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started very soon after … Read More

BumbleBee Roasts Its Way to Domain Admin
adfind bumblebee cobaltstrike Kerberoast ShareFinder

BumbleBee Roasts Its Way to Domain Admin

August 8, 2022

In this intrusion from April 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee is a malware loader that was first reported by Google Threat Analysis Group … Read More

Tweets by TheDFIRReport

Copyright 2023 | The DFIR Report | All Rights Reserved