Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-15The DFIR Report0xtornado, v3t0_
@online{0xtornado:20211115:exchange:2920728, author = {0xtornado and v3t0_}, title = {{Exchange Exploit Leads to Domain Wide Ransomware}}, date = {2021-11-15}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/}, language = {English}, urldate = {2021-11-17} } Exchange Exploit Leads to Domain Wide Ransomware
2021-11-01The DFIR Report@iiamaleks, @samaritan_o
@online{iiamaleks:20211101:from:2348d47, author = {@iiamaleks and @samaritan_o}, title = {{From Zero to Domain Admin}}, date = {2021-11-01}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/}, language = {English}, urldate = {2021-11-03} } From Zero to Domain Admin
Cobalt Strike Hancitor
2021-10-18The DFIR ReportThe DFIR Report
@online{report:20211018:icedid:0b574b0, author = {The DFIR Report}, title = {{IcedID to XingLocker Ransomware in 24 hours}}, date = {2021-10-18}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/}, language = {English}, urldate = {2021-10-22} } IcedID to XingLocker Ransomware in 24 hours
Cobalt Strike IcedID Mount Locker
2021-10-04The DFIR ReportThe DFIR Report
@online{report:20211004:bazarloader:fe3adf3, author = {The DFIR Report}, title = {{BazarLoader and the Conti Leaks}}, date = {2021-10-04}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/}, language = {English}, urldate = {2021-10-11} } BazarLoader and the Conti Leaks
BazarBackdoor Cobalt Strike Conti
2021-09-13The DFIR ReportThe DFIR Report
@online{report:20210913:bazarloader:5073703, author = {The DFIR Report}, title = {{BazarLoader to Conti Ransomware in 32 Hours}}, date = {2021-09-13}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/}, language = {English}, urldate = {2021-09-14} } BazarLoader to Conti Ransomware in 32 Hours
BazarBackdoor Cobalt Strike Conti
2021-08-29The DFIR ReportThe DFIR Report
@online{report:20210829:cobalt:1e4595e, author = {The DFIR Report}, title = {{Cobalt Strike, a Defender’s Guide}}, date = {2021-08-29}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/}, language = {English}, urldate = {2021-08-31} } Cobalt Strike, a Defender’s Guide
Cobalt Strike
2021-08-01The DFIR ReportThe DFIR Report
@online{report:20210801:bazarcall:bb6829b, author = {The DFIR Report}, title = {{BazarCall to Conti Ransomware via Trickbot and Cobalt Strike}}, date = {2021-08-01}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/}, language = {English}, urldate = {2021-08-02} } BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
BazarBackdoor Cobalt Strike Conti TrickBot
2021-07-19The DFIR ReportThe DFIR Report
@online{report:20210719:icedid:0365384, author = {The DFIR Report}, title = {{IcedID and Cobalt Strike vs Antivirus}}, date = {2021-07-19}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/}, language = {English}, urldate = {2021-07-20} } IcedID and Cobalt Strike vs Antivirus
Cobalt Strike IcedID
2021-06-28The DFIR ReportThe DFIR Report
@online{report:20210628:hancitor:b21cdd2, author = {The DFIR Report}, title = {{Hancitor Continues to Push Cobalt Strike}}, date = {2021-06-28}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/}, language = {English}, urldate = {2021-06-29} } Hancitor Continues to Push Cobalt Strike
Cobalt Strike Hancitor
2021-06-20The DFIR ReportThe DFIR Report
@online{report:20210620:from:aadb7e8, author = {The DFIR Report}, title = {{From Word to Lateral Movement in 1 Hour}}, date = {2021-06-20}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/}, language = {English}, urldate = {2021-06-22} } From Word to Lateral Movement in 1 Hour
Cobalt Strike IcedID
2021-06-03The DFIR ReportThe DFIR Report
@online{report:20210603:weblogic:a381570, author = {The DFIR Report}, title = {{WebLogic RCE Leads to XMRig}}, date = {2021-06-03}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/}, language = {English}, urldate = {2021-06-16} } WebLogic RCE Leads to XMRig
2021-05-12The DFIR Report
@online{report:20210512:conti:598c5f2, author = {The DFIR Report}, title = {{Conti Ransomware}}, date = {2021-05-12}, url = {https://thedfirreport.com/2021/05/12/conti-ransomware/}, language = {English}, urldate = {2021-05-13} } Conti Ransomware
Cobalt Strike Conti IcedID
2021-05-02The DFIR ReportThe DFIR Report
@online{report:20210502:trickbot:242b786, author = {The DFIR Report}, title = {{Trickbot Brief: Creds and Beacons}}, date = {2021-05-02}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/}, language = {English}, urldate = {2021-05-04} } Trickbot Brief: Creds and Beacons
Cobalt Strike TrickBot
2021-03-29The DFIR ReportThe DFIR Report
@online{report:20210329:sodinokibi:4c63e20, author = {The DFIR Report}, title = {{Sodinokibi (aka REvil) Ransomware}}, date = {2021-03-29}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/}, language = {English}, urldate = {2021-03-30} } Sodinokibi (aka REvil) Ransomware
Cobalt Strike IcedID REvil
2021-03-08The DFIR ReportThe DFIR Report
@online{report:20210308:bazar:ba050d7, author = {The DFIR Report}, title = {{Bazar Drops the Anchor}}, date = {2021-03-08}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/}, language = {English}, urldate = {2021-03-10} } Bazar Drops the Anchor
Anchor BazarBackdoor Cobalt Strike
2021-02-28The DFIR ReportThe DFIR Report
@online{report:20210228:laravel:d832ce6, author = {The DFIR Report}, title = {{Laravel Apps Leaking Secrets}}, date = {2021-02-28}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/02/28/laravel-debug-leaking-secrets/}, language = {English}, urldate = {2021-03-04} } Laravel Apps Leaking Secrets
2021-02-15Twitter (@TheDFIRReport)The DFIR Report
@online{report:20210215:qakbot:f692e9c, author = {The DFIR Report}, title = {{Tweet on Qakbot post infection discovery activity}}, date = {2021-02-15}, organization = {Twitter (@TheDFIRReport)}, url = {https://twitter.com/TheDFIRReport/status/1361331598344478727}, language = {English}, urldate = {2021-02-18} } Tweet on Qakbot post infection discovery activity
QakBot
2021-02-11Twitter (@TheDFIRReport)The DFIR Report
@online{report:20210211:hancitor:9fa527e, author = {The DFIR Report}, title = {{Tweet on Hancitor Activity followed by cobaltsrike beacon}}, date = {2021-02-11}, organization = {Twitter (@TheDFIRReport)}, url = {https://twitter.com/TheDFIRReport/status/1359669513520873473}, language = {English}, urldate = {2021-02-18} } Tweet on Hancitor Activity followed by cobaltsrike beacon
Cobalt Strike Hancitor
2021-02-02Twitter (@TheDFIRReport)The DFIR Report
@online{report:20210202:recent:5272ed0, author = {The DFIR Report}, title = {{Tweet on recent dridex post infection activity}}, date = {2021-02-02}, organization = {Twitter (@TheDFIRReport)}, url = {https://twitter.com/TheDFIRReport/status/1356729371931860992}, language = {English}, urldate = {2021-02-04} } Tweet on recent dridex post infection activity
Cobalt Strike Dridex
2021-01-31The DFIR ReportThe DFIR Report
@online{report:20210131:bazar:c3b3859, author = {The DFIR Report}, title = {{Bazar, No Ryuk?}}, date = {2021-01-31}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/01/31/bazar-no-ryuk/}, language = {English}, urldate = {2021-02-02} } Bazar, No Ryuk?
BazarBackdoor Cobalt Strike Ryuk