unSafe.sh - Unsafe
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. Bu...
Published 2022-09-26 09:05:36 | 40 reads | Source: thedfirreport.com
Tags: windows, bumblebee, rundll32, remote, x90
Dead or Alive? An Emotet Story
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware...
Published 2022-09-12 08:32:41 | 40 reads | Source: thedfirreport.com
Tags: hxxps, cobalt, windows, nocase, network
BumbleBee Roasts Its Way to Domain Admin
In this intrusion from April 2022, the threat actors used BumbleBee as the initial access vector....
Published 2022-08-08 09:36:03 | 75 reads | Source: thedfirreport.com
Tags: vulnrecon, windows, cobalt, 0x0002, 0x0003
SELECT XMRig FROM SQLServer
In March 2022, we observed an intrusion on a public-facing Microsoft SQL Server. The end goal of t...
Published 2022-07-11 09:51:24 | 43 reads | Source: thedfirreport.com
Tags: windows, taskkill, miner, bigfile, microsoft
SANS Ransomware Summit 2022, Can You Detect This?
This report is a companion to the SANS Ransomware Summit 2022 “Can You Detect This” presentation t...
Published 2022-06-16 22:20:39 | 52 reads | Source: thedfirreport.com
Tags: sigma, github, windows, sigmahq, dfir
Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
In this multi-day intrusion, we observed a threat actor gain initial access to an organization b...
Published 2022-06-06 09:28:07 | 72 reads | Source: thedfirreport.com
Tags: msiexec, windows, powershell, ssh, fm2
SEO Poisoning – A Gootloader Story
In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initia...
Published 2022-05-09 09:53:53 | 50 reads | Source: thedfirreport.com
Tags: powershell, cobalt, uo, beacon, windows
Quantum Ransomware
In one of the fastest ransomware cases we have observed, in under four hours the threat actors wen...
Published 2022-04-25 09:16:30 | 71 reads | Source: thedfirreport.com
Tags: windows, cobalt, icedid, ransomware, beacon
Stolen Images Campaign Ends in Conti Ransomware
In this intrusion from December 2021, the threat actors utilized IcedID as the initial access vect...
Published 2022-04-04 09:06:56 | 69 reads | Source: thedfirreport.com
Tags: cobalt, windows, beacon, icedid, c2
APT35 Automates Initial Access Using ProxyShell
In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabil...
Published 2022-03-21 09:55:06 | 51 reads | Source: thedfirreport.com
Tags: windows, sigma, sigmahq, github, powershell
2021 Year In Review
As we come to the end of the first quarter of 2022, we want to take some time to look back over ou...
Published 2022-03-07 10:30:33 | 33 reads | Source: thedfirreport.com
Tags: ransomware, cobalt, windows, intrusions, security
Qbot and Zerologon Lead To Full Domain Compromise
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environm...
Published 2022-02-21 10:04:48 | 43 reads | Source: thedfirreport.com
Tags: qbot, windows, zerologon, cobalt, occured
Qbot Likes to Move It, Move It
Qbot (aka QakBot, Quakbot, Pinkslipbot) has been around for a long time, having first been observed...
Published 2022-02-07 09:02:36 | 51 reads | Source: thedfirreport.com
Tags: qbot, windows, microsoft, regsvr32
Cobalt Strike, a Defender’s Guide – Part 2
Our previous article on Cobalt Strike focused on the most frequently used capabilities that we...
Published 2022-01-24 11:03:49 | 79 reads | Source: thedfirreport.com
Tags: cobalt, c2, beacon, jarm, ja3
Diavol Ransomware
In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported o...
Published 2021-12-13 11:13:31 | 122 reads | Source: thedfirreport.com
Tags: windows, rubeus, cobalt, ransomware, rundll32
CONTInuing the Bazar Ransomware Story
In this report we will discuss a case from early August where we witnessed threat actors utiliz...
Published 2021-11-29 11:19:21 | 37 reads | Source: thedfirreport.com
Tags: cobalt, rundll32, windows, github, remote
Exchange Exploit Leads to Domain Wide Ransomware
Intro: In late September, we observed an intrusion in which initial access was gained by the thr...
Published 2021-11-15 11:06:59 | 68 reads | Source: thedfirreport.com
Tags: exchange, microsoft, 31207, 34473, windows
From Zero to Domain Admin
Intro: This report will go through an intrusion from July that began with an email, which included a...
Published 2021-11-01 09:57:41 | 49 reads | Source: thedfirreport.com
Tags: cobalt, rundll32, windows, hancitor, powershell
IcedID to XingLocker Ransomware in 24 hours
Intro: Towards the end of July, we observed an intrusion that began with IcedID malware and ended in...
Published 2021-10-18 10:11:22 | 152 reads | Source: thedfirreport.com
Tags: windows, defender, microsoft, software, powershell
BazarLoader and the Conti Leaks
Intro: In July, we observed an intrusion that started from a BazarLoader infection and lasted approx...
Published 2021-10-04 10:30:53 | 72 reads | Source: thedfirreport.com
Tags: zl, qz, cobalt, windows, network