Skip to content
  • Analysts
  • Contact Us
  • Services

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Analysts
  • Contact Us
  • Services
Saturday, December 03, 2022
WebLogic RCE Leads to XMRig
cryptominer CVE-2020-14882

WebLogic RCE Leads to XMRig

June 3, 2021

Intro This report will review an intrusion where, the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing … Read More

Conti Ransomware
cobaltstrike conti icedid ransomware

Conti Ransomware

May 12, 2021

Introduction First seen in May 2020, Conti ransomware has quickly become one of the most common ransomware variants, according to Coveware. As per Coveware’s Quarterly Ransomware Report (Q1 2021), Conti … Read More

Trickbot Brief: Creds and Beacons
trickbot

Trickbot Brief: Creds and Beacons

May 2, 2021

Intro “TrickBot malware—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. The cybercrime group initially designed TrickBot as a banking trojan to steal … Read More

Sodinokibi (aka REvil) Ransomware
adfind cobaltstrike icedid ransomware revil Sodinokibi

Sodinokibi (aka REvil) Ransomware

March 29, 2021

Intro Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) groups over the last couple years. The ransomware family was purported to be behind … Read More

Bazar Drops the Anchor
anchor bazar cobaltstrike

Bazar Drops the Anchor

March 8, 2021

Intro The malware identified as Anchor first entered the scene in late 2018 and has been linked to the same group as Trickbot, due to similarities in code and usage … Read More

Laravel Apps Leaking Secrets
rdp

Laravel Apps Leaking Secrets

February 28, 2021

An attacker logged in through RDP a few days ago to run a “smtp cracker” that scans a list of IP addresses or URLs looking for misconfigured Laravel systems. These … Read More

Bazar, No Ryuk?
adfind bazar cobaltstrike ryuk

Bazar, No Ryuk?

January 31, 2021

Intro In the fall of 2020, Bazar came to prominence when several campaigns delivered Ryuk ransomware. While Bazar appeared to drop-off in December, new campaigns have sprung up recently, using … Read More

All That for a Coinminer?
coinminer rdp

All That for a Coinminer?

January 18, 2021

A threat actor recently brute forced a local administrator password using RDP and then dumped credentials using Mimikatz. They not only dumped LogonPasswords but they also exported all Kerberos tickets. … Read More

Trickbot Still Alive and Well
adfind cobaltstrike trickbot

Trickbot Still Alive and Well

January 11, 2021

In October of 2020, the group behind the infamous botnet known as Trickbot had a bad few days. The group was under concerted pressure applied by US Cyber Command infiltrating … Read More

Defender Control
defense evasion Tools

Defender Control

December 13, 2020

Defender Control is a free software utility we’ve come across in various intrusions. The creators describe it by saying the following: What is certain however is that it [Windows Defender] … Read More

Posts navigation

Previous 1 … 3 4 5 6 Next

Translate

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Follow us on Twitter

My Tweets

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Proudly powered by WordPress | Theme: FreeNews | By ThemeSpiral.com.