unSafe.sh - Unsafe
From OneNote to RansomNote: An Ice Cold Intrusion
Key Takeaways: In late February 2023, threat actors rode a wave of initial access using Micro...
2024-04-01 08:04:14 | Reads: 30 | The DFIR Report - thedfirreport.com
Tags: icedid, cobalt, ransomware, windows, beacon
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE
Below is a recent Threat Brief that we shared with our customers. Each year, we...
2024-03-04 09:22:08 | Reads: 18 | The DFIR Report - thedfirreport.com
Tags: briefs, ruleset, navigation, identify, security
SEO Poisoning to Domain Control: The Gootloader Saga Continues
Key Takeaways: In February 2023, we detected an intrusion that was initiated by a user downloading...
2024-02-26 08:39:52 | Reads: 61 | The DFIR Report - thedfirreport.com
Tags: powershell, cobalt, beacon, gootloader, remote
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remo...
2024-01-29 08:52:11 | Reads: 65 | The DFIR Report - thedfirreport.com
Tags: windows, defender, remote, network, microsoft
Let's Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity
This report is a little different than our typical content. We were able to analyze data from a pe...
2023-12-18 09:06:14 | Reads: 65 | The DFIR Report - thedfirreport.com
Tags: sliver, windows, nuclei, beacons, powershell
SQL Brute Force leads to Bluesky Ransomware
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in Blue...
2023-12-04 09:55:56 | Reads: 48 | The DFIR Report - thedfirreport.com
Tags: powershell, windows, x90, tor2mine, microsoft
Netsupport Intrusion Results in Domain Compromise
NetSupport Manager is one of the oldest third-party remote access tools still currently on the mar...
2023-10-30 08:38:56 | Reads: 58 | The DFIR Report - thedfirreport.com
Tags: netsupport, windows, powershell, ssh, remote
From ScreenConnect to Hive Ransomware in 61 hours
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Mo...
2023-09-25 08:58:24 | Reads: 52 | The DFIR Report - thedfirreport.com
Tags: powershell, windows, network, cobalt
HTML Smuggling Leads to Domain Wide Ransomware
We've previously reported on a Nokoyawa ransomware case in which the initial access was via an Exc...
2023-08-28 08:22:33 | Reads: 76 | The DFIR Report - thedfirreport.com
Tags: icedid, ransomware, cobalt, rundll32, network
A Truly Graceful Wipe Out
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and Flaw...
2023-06-12 09:06:26 | Reads: 93 | The DFIR Report - thedfirreport.com
Tags: flawedgrace, windows, cobalt, truebot, postex
IcedID Macro Ends in Nokoyawa Ransomware
Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or...
2023-05-22 09:04:22 | Reads: 88 | The DFIR Report - thedfirreport.com
Tags: windows, icedid, cobalt, x90, u003d
Malicious ISO File Leads to Domain Wide Ransomware
IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activi...
2023-04-03 09:27:10 | Reads: 135 | The DFIR Report - thedfirreport.com
Tags: windows, cobalt, powershell, beacon, rundll32
2022 Year in Review
As we move into the new year, it's important to reflect on some of the key changes and development...
2023-03-06 10:37:40 | Reads: 52 | The DFIR Report - thedfirreport.com
Tags: ransomware, remote, cobalt, bumblebee, windows
Collect, Exfiltrate, Sleep, Repeat
In this intrusion from August 2022, we observed a compromise that was initiated with a Word docume...
2023-02-06 09:26:23 | Reads: 33 | The DFIR Report - thedfirreport.com
Tags: windows, powershell, childitem, inp, ahk
ShareFinder: How Threat Actors Discover File Shares
Many of our reports focus on adversarial Tactics, Techniques, and Procedures (TTPs) along with the...
2023-01-23 09:11:17 | Reads: 39 | The DFIR Report - thedfirreport.com
Tags: network, sharefinder, powershell, queried, sigma
Unwrapping Ursnif's Gifts
In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobal...
2023-01-09 10:16:40 | Reads: 54 | The DFIR Report - thedfirreport.com
Tags: bd2c, bin1, ursnif, windows, cobalt
Emotet Strikes Again – Lnk File Leads to Domain Wide Ransomware
In June of 2022, we observed a threat actor gaining access to an environment via Emotet and operat...
2022-11-28 09:13:34 | Reads: 87 | thedfirreport.com
Tags: cobalt, remote, windows, rmm, feodo
BumbleBee Zeros in on Meterpreter
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector fro...
2022-11-14 09:48:26 | Reads: 29 | thedfirreport.com
Tags: bumblebee, cobalt, windows, bypass, rundll32
Follina Exploit Leads to Domain Compromise
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploit...
2022-10-31 08:47:53 | Reads: 36 | thedfirreport.com
Tags: 995, qbot, 2222, remote, windows
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. Bu...
2022-09-26 09:05:36 | Reads: 40 | thedfirreport.com
Tags: windows, bumblebee, rundll32, remote, x90