Skip to content
  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
Sunday, September 24, 2023
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team
Dharma Ransomware
ransomware rdp

Dharma Ransomware

April 14, 2020

An attacker logged into the honeypot via RDP from 178.239.173[.]172. Within 10 minutes the attacker went from local admin, to domain admin to installing ransomware on multiple machines. The attacker … Read More

GoGoogle Ransomware
ransomware rdp

GoGoogle Ransomware

April 4, 2020

An attacker logged into the honeypot from 93.174.95[.]73, disabled security tools, dropped their toolkit and started recon. Recon was quickly followed by an onslaught of password dumping tools such as … Read More

Comment on GoGoogle Ransomware

Posts navigation

Previous 1 … 3 4

Reports

Threat Intelligence

Detection Rules

Case Artifacts

Mentoring and Coaching

Copyright 2023 | The DFIR Report | All Rights Reserved