real intrusions by real attackers, the truth behind the intrusion
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

Mon Sep 30, 2024 03:46
BlackSuit Ransomware

Key Takeaways: In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor …

Mon Aug 26, 2024 03:33
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

Mon Aug 12, 2024 04:57
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment

Mon Jun 10, 2024 03:51
24952

Fri Jun 7, 2024 15:01
From IcedID to Dagon Locker Ransomware in 29 Days

Key Takeaways: In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …

Mon Apr 29, 2024 04:28
