The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

Tuesday, December 05, 2023

Category: ransomware

The Little Ransomware That Couldn’t (Dharma)
ransomware rdp yara

June 16, 2020

Ransomware continues unabated in the year of continually mounting pressure. But for every big game actor out there compromising Fortune listed companies there are the little guys that maybe just …

Lockbit Ransomware, Why You No Spread?
ransomware rdp yara

June 10, 2020

RDP brute forcing continues to be a favorite entry point for ransomware actors. In this past month we saw activity from the Lockbit ransomware family. Initial Access: RDP login from …

Dharma Ransomware
ransomware rdp

April 14, 2020

An attacker logged into the honeypot via RDP from 178.239.173[.]172. Within 10 minutes the attacker went from local admin, to domain admin to installing ransomware on multiple machines. The attacker …

GoGoogle Ransomware
ransomware rdp

April 4, 2020

An attacker logged into the honeypot from 93.174.95[.]73, disabled security tools, dropped their toolkit and started recon. Recon was quickly followed by an onslaught of password dumping tools such as …

Proudly powered by WordPress | Copyright 2023 | The DFIR Report | All Rights Reserved