Skip to content
  • Contact Us

The DFIR Report

Real Intrusions by Real Attackers, the Truth Behind the Intrusion

  • Contact Us
Tuesday, September 29, 2020
Dharma Ransomware
ransomware rdp

Dharma Ransomware

April 14, 2020

An attacker logged into the honeypot via RDP from 178.239.173[.]172. Within 10 minutes the attacker went from local admin, to domain admin to installing ransomware on multiple machines. The attacker … Read More

GoGoogle Ransomware
ransomware rdp

GoGoogle Ransomware

April 4, 2020

An attacker logged into the honeypot from 93.174.95[.]73, disabled security tools, dropped their toolkit and started recon. Recon was quickly followed by an onslaught of password dumping tools such as … Read More

Comment on GoGoogle Ransomware

Posts navigation

Previous 1 2

Want to support this project?

Become a Patron!

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Follow us on Twitter

My Tweets

Recent Posts: The DFIR Report

NetWalker Ransomware in 1 Hour

NetWalker Ransomware in 1 Hour

The threat actor logged in through RDP, attempted to run a Cobalt Strike Beacon, and then dumped memory using ProcDump and Mimikatz. Next, they RDPed into a Domain Controller, minutes … Read More

Dridex – From Word to Domain Dominance

Dridex – From Word to Domain Dominance

Ransomware Again…But We Changed the RDP Port!?!?!

Ransomware Again…But We Changed the RDP Port!?!?!

Here’s another example of threat actors brute forcing RDP to install ransomware, this time the brute forced system was not using the default RDP port. The threat actors installed ransomware … Read More

Snatch Ransomware

Snatch Ransomware

Another RDP brute force ransomware strikes again, this time, Snatch Team! Snatch Team was able to go from brute forcing a Domain Administrator (DA) account via RDP, to running a … Read More

The Little Ransomware That Couldn’t (Dharma)

The Little Ransomware That Couldn’t (Dharma)

Ransomware continues unabated in the year of continually mounting pressure. But for every big game actor out there compromising Fortune listed companies there are the little guys that maybe just … Read More

Translate

Proudly powered by WordPress | Theme: FreeNews | By ThemeSpiral.com.