unSafe.sh - Unsafe
Inside the Open Directory of the “You Dun” Threat Group
Key Takeaways: Analysis of an open directory found a Chinese speaking threat actor’s tool...
2024-10-28 09:05:30 | Reads: 19
The DFIR Report - thedfirreport.com
cobalt
taowu
viper
ladon911
f8x
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Key Takeaways: In November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen...
2024-09-30 08:45:53 | Reads: 15
The DFIR Report - thedfirreport.com
windows
sliver
x90
cobalt
safeboot
BlackSuit Ransomware
Key Takeaways: In December 2023, we observed an intrusion that started with the execution of a Cob...
2024-08-26 08:32:35 | Reads: 24
Over Security - Cybersecurity news aggregator - thedfirreport.com
0x0002
cobalt
0x0003
windows
x0f
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Key Takeaways: In early December of 2023, we discovered an open directory filled with batch script...
2024-08-12 10:01:56 | Reads: 16
Over Security - Cybersecurity news aggregator - thedfirreport.com
windows
atera
poshc2
rem
delite
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
Key Takeaways: In October 2023, we observed an intrusion that began with a spam campaign, distribu...
2024-06-10 08:44:23 | Reads: 18
The DFIR Report - thedfirreport.com
cobalt
0x0002
icedid
0x0003
From IcedID to Dagon Locker Ransomware in 29 Days
Key Takeaways: In late August 2023, we observed an intrusion that started with a phishing campaign...
2024-04-29 09:21:08 | Reads: 70
The DFIR Report - thedfirreport.com
cobalt
powershell
windows
0x0002
icedid
From OneNote to RansomNote: An Ice Cold Intrusion
Key Takeaways: In late February 2023, threat actors rode a wave of initial access using Micro...
2024-04-01 08:04:14 | Reads: 56
The DFIR Report - thedfirreport.com
icedid
cobalt
ransomware
windows
beacon
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE
Below is a recent Threat Brief that we shared with our customers. Each year, we...
2024-03-04 09:22:08 | Reads: 23
The DFIR Report - thedfirreport.com
briefs
ruleset
navigation
identify
security
SEO Poisoning to Domain Control: The Gootloader Saga Continues
Key Takeaways: In February 2023, we detected an intrusion that was initiated by a user downloading...
2024-02-26 08:39:52 | Reads: 90
The DFIR Report - thedfirreport.com
powershell
cobalt
beacon
gootloader
remote
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remo...
2024-01-29 08:52:11 | Reads: 90
The DFIR Report - thedfirreport.com
windows
defender
remote
network
microsoft
Let’s Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a pe...
2023-12-18 09:06:14 | Reads: 68
The DFIR Report - thedfirreport.com
sliver
windows
nuclei
beacons
powershell
SQL Brute Force leads to Bluesky Ransomware
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in Blue...
2023-12-04 09:55:56 | Reads: 57
The DFIR Report - thedfirreport.com
powershell
windows
x90
tor2mine
microsoft
Netsupport Intrusion Results in Domain Compromise
NetSupport Manager is one of the oldest third-party remote access tools still currently on the mar...
2023-10-30 08:38:56 | Reads: 83
The DFIR Report - thedfirreport.com
netsupport
windows
powershell
ssh
remote
From ScreenConnect to Hive Ransomware in 61 hours
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Mo...
2023-09-25 08:58:24 | Reads: 79
The DFIR Report - thedfirreport.com
powershell
windows
network
cobalt
HTML Smuggling Leads to Domain Wide Ransomware
We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Exc...
2023-08-28 08:22:33 | Reads: 95
The DFIR Report - thedfirreport.com
icedid
ransomware
cobalt
rundll32
network
A Truly Graceful Wipe Out
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and Flaw...
2023-06-12 09:06:26 | Reads: 95
The DFIR Report - thedfirreport.com
flawedgrace
windows
cobalt
truebot
postex
IcedID Macro Ends in Nokoyawa Ransomware
Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or...
2023-05-22 09:04:22 | Reads: 120
The DFIR Report - thedfirreport.com
windows
icedid
cobalt
x90
u003d
Malicious ISO File Leads to Domain Wide Ransomware
IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activi...
2023-04-03 09:27:10 | Reads: 191
The DFIR Report - thedfirreport.com
windows
cobalt
powershell
beacon
rundll32
2022 Year in Review
As we move into the new year, it’s important to reflect on some of the key changes and development...
2023-03-06 10:37:40 | Reads: 70
The DFIR Report - thedfirreport.com
ransomware
remote
cobalt
bumblebee
windows
Collect, Exfiltrate, Sleep, Repeat
In this intrusion from August 2022, we observed a compromise that was initiated with a Word docume...
2023-02-06 09:26:23 | Reads: 38
The DFIR Report - thedfirreport.com
windows
powershell
childitem
inp
ahk