unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
ShareFinder: How Threat Actors Discover File Shares
Many of our reports focus on adversarial Tactics, Techniques, and Procedures (TTPs) along with the...
2023-1-23 09:11:17 | 阅读: 41 |
收藏
|
The DFIR Report - thedfirreport.com
network
sharefinder
powershell
queried
sigma
Unwrapping Ursnifs Gifts
In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobal...
2023-1-9 10:16:40 | 阅读: 58 |
收藏
|
The DFIR Report - thedfirreport.com
bd2c
bin1
ursnif
windows
cobalt
Emotet Strikes Again – Lnk File Leads to Domain Wide Ransomware
In June of 2022, we observed a threat actor gaining access to an environment via Emotet and operat...
2022-11-28 09:13:34 | 阅读: 94 |
收藏
|
thedfirreport.com
cobalt
remote
windows
rmm
feodo
BumbleBee Zeros in on Meterpreter
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector fro...
2022-11-14 09:48:26 | 阅读: 33 |
收藏
|
thedfirreport.com
bumblebee
cobalt
windows
bypass
rundll32
Follina Exploit Leads to Domain Compromise
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploit...
2022-10-31 08:47:53 | 阅读: 40 |
收藏
|
thedfirreport.com
995
qbot
2222
remote
windows
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. Bu...
2022-9-26 09:5:36 | 阅读: 43 |
收藏
|
thedfirreport.com
windows
bumblebee
rundll32
remote
x90
Dead or Alive? An Emotet Story
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware...
2022-9-12 08:32:41 | 阅读: 42 |
收藏
|
thedfirreport.com
hxxps
cobalt
windows
nocase
network
BumbleBee Roasts Its Way to Domain Admin
In this intrusion from April 2022, the threat actors used BumbleBee as the initial access vector....
2022-8-8 09:36:3 | 阅读: 78 |
收藏
|
thedfirreport.com
vulnrecon
windows
cobalt
0x0002
0x0003
SELECT XMRig FROM SQLServer
In March 2022, we observed an intrusion on a public-facing Microsoft SQL Server. The end goal of t...
2022-7-11 09:51:24 | 阅读: 47 |
收藏
|
thedfirreport.com
windows
taskkill
miner
bigfile
microsoft
SANS Ransomware Summit 2022, Can You Detect This?
This report is a companion to the SANS Ransomware Summit 2022 “Can You Detect This” presentation t...
2022-6-16 22:20:39 | 阅读: 59 |
收藏
|
thedfirreport.com
sigma
github
windows
sigmahq
dfir
Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
In this multi-day intrusion, we observed a threat actor gain initial access to an organization b...
2022-6-6 09:28:7 | 阅读: 77 |
收藏
|
thedfirreport.com
msiexec
windows
powershell
ssh
fm2
SEO Poisoning – A Gootloader Story
In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initia...
2022-5-9 09:53:53 | 阅读: 54 |
收藏
|
thedfirreport.com
powershell
cobalt
uo
beacon
windows
Quantum Ransomware
In one of the fastest ransomware cases we have observed, in under four hours the threat actors wen...
2022-4-25 09:16:30 | 阅读: 75 |
收藏
|
thedfirreport.com
windows
cobalt
icedid
ransomware
beacon
Stolen Images Campaign Ends in Conti Ransomware
In this intrusion from December 2021, the threat actors utilized IcedID as the initial access vect...
2022-4-4 09:6:56 | 阅读: 74 |
收藏
|
thedfirreport.com
cobalt
windows
beacon
icedid
c2
APT35 Automates Initial Access Using ProxyShell
In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabil...
2022-3-21 09:55:6 | 阅读: 56 |
收藏
|
thedfirreport.com
windows
sigma
sigmahq
github
powershell
2021 Year In Review
As we come to the end of the first quarter of 2022, we want to take some time to look back over ou...
2022-3-7 10:30:33 | 阅读: 36 |
收藏
|
thedfirreport.com
ransomware
cobalt
windows
intrusions
security
Qbot and Zerologon Lead To Full Domain Compromise
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environm...
2022-2-21 10:4:48 | 阅读: 50 |
收藏
|
thedfirreport.com
qbot
windows
zerologon
cobalt
occured
Qbot Likes to Move It, Move It
Qbot (aka QakBot, Quakbot, Pinkslipbot ) has been around for a long time having first been observed...
2022-2-7 09:2:36 | 阅读: 56 |
收藏
|
thedfirreport.com
qbot
windows
microsoft
regsvr32
Cobalt Strike, a Defender’s Guide – Part 2
Our previous article on Cobalt Strike focused on the most frequently used capabilities that we...
2022-1-24 11:3:49 | 阅读: 83 |
收藏
|
thedfirreport.com
cobalt
c2
beacon
jarm
ja3
Diavol Ransomware
In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported o...
2021-12-13 11:13:31 | 阅读: 127 |
收藏
|
thedfirreport.com
windows
rubeus
cobalt
ransomware
rundll32
Previous
2
3
4
5
6
7
8
9
Next