unSafe.sh - Unsafe
BazarLoader to Conti Ransomware in 32 Hours
Intro: Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2...
2021-09-13 09:15:57 | Reads: 110 | thedfirreport.com
Tags: windows, cobalt, dllhost, powershell, beacon

Cobalt Strike, a Defender’s Guide
Intro: In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well a...
2021-08-30 08:36:36 | Reads: 75 | thedfirreport.com
Tags: cobalt, trojan, c2, beacon, remote

Trickbot Deploys a Fake 1Password Installer
Intro: Over the past years, Trickbot has established itself as modular and multifunctional malwa...
2021-08-16 09:16:38 | Reads: 58 | thedfirreport.com
Tags: windows, siksf, nhmveo, runonce, aqvmr

Trickbot Leads Up to Fake 1Password Installation
Intro: Over the past years, Trickbot has established itself as modular and multifunctional malwa...
2021-08-16 09:16:38 | Reads: 29 | thedfirreport.com
Tags: windows, siksf, nhmveo, runonce, aqvmr

BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
Intro: This report will go through an intrusion that went from an Excel file to domain wide ranso...
2021-08-02 07:47:29 | Reads: 62 | thedfirreport.com
Tags: windows, sigma, github, sigmahq, powershell

IcedID and Cobalt Strike vs Antivirus
Intro: Although IcedID was originally discovered back in 2017, it did not gain in popularity unti...
2021-07-19 09:25:47 | Reads: 105 | thedfirreport.com
Tags: cobalt, adfind, icedid, beacon, windows

Hancitor Continues to Push Cobalt Strike
First observed in 2014, Hancitor (also known as Chanitor and Tordal) is a downloader trojan tha...
2021-06-28 10:28:27 | Reads: 153 | thedfirreport.com
Tags: rundll32, cobalt, c2, hancitor, beacon

From Word to Lateral Movement in 1 Hour
Introduction: In May 2021, we observed a threat actor conducting an intrusion utilizing the Iced...
2021-06-21 08:27:55 | Reads: 218 | thedfirreport.com
Tags: icedid, testsubnet, wuauclt, powershell, adfind

WebLogic RCE Leads to XMRig
Intro: This report will review an intrusion where the threat actor took advantage of a WebLogic...
2021-06-03 09:57:26 | Reads: 207 | thedfirreport.com
Tags: powershell, weblogic, payload, attacker, 14882

Conti Ransomware
Introduction: First seen in May 2020, Conti ransomware has quickly become one of the most common...
2021-05-12 10:20:17 | Reads: 202 | thedfirreport.com
Tags: windows, tempora, cobalt, ut, temporibus

Trickbot Brief: Creds and Beacons
Intro: “TrickBot malware—first identified in 2016—is a Trojan developed and operated by a sophis...
2021-05-03 08:42:46 | Reads: 165 | thedfirreport.com
Tags: 449, cobalt, c2, beacon, rundll32

Sodinokibi (aka REvil) Ransomware
Intro: Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) gr...
2021-03-29 09:43:09 | Reads: 174 | thedfirreport.com
Tags: domainname, exchange

Bazar Drops the Anchor
Intro: The malware identified as Anchor first entered the scene in late 2018 and has been linked...
2021-03-08 11:09:34 | Reads: 113 | thedfirreport.com
Tags: microsoft, anchordns, windows, anchor, cobalt

Laravel Apps Leaking Secrets
An attacker logged in through RDP a few days ago to run an “smtp cracker” that scans a list of IP...
2021-03-01 03:54:02 | Reads: 126 | thedfirreport.com
Tags: cracker, attacker, sendgrid, partial, twilio

Bazar, No Ryuk?
Intro: In the fall of 2020, Bazar came to prominence when several campaigns delivered Ryuk ransom...
2021-02-01 08:58:23 | Reads: 100 | thedfirreport.com
Tags: cobalt, windows, bazar, powershell, rundll32

All That for a Coinminer?
A threat actor recently brute forced a local administrator password using RDP and then dumped cr...
2021-01-19 08:53:31 | Reads: 101 | thedfirreport.com
Tags: kuhl, lsadump, mimikatz, svshost, xmrig

Trickbot Still Alive and Well
In October of 2020, the group behind the infamous botnet known as Trickbot had a bad few days. T...
2021-01-11 11:37:17 | Reads: 113 | thedfirreport.com
Tags: windows, cobalt, 449, goodware, occured

Defender Control
Defender Control is a free software utility we’ve come across in various intrusions. The creator...
2020-12-14 07:00:09 | Reads: 101 | thedfirreport.com
Tags: defender, windows, microsoft, dfir

PYSA/Mespinoza Ransomware
Intro: Over the course of 8 hours the PYSA/Mespinoza threat actors used Empire and Koadic as well...
2020-11-23 11:47:31 | Reads: 112 | thedfirreport.com
Tags: koadic, powershell, windows, c2, defender

Cryptominers Exploiting WebLogic RCE CVE-2020-14882
Intro: Towards the end of October, we started seeing attackers take advantage of a WebLogic RCE v...
2020-11-12 09:23:53 | Reads: 98 | thedfirreport.com
Tags: miner, xmrig, powershell, payload, windows