Click here to download all references as Bib-File.•
| 2021-08-05
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti |
| 2021-08-05
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365 Lorenz |
| 2021-07-21
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti |
| 2021-06-12
⋅
Twitter (@AltShiftPrtScn)
⋅
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker |
| 2021-04-22
⋅
Twitter (@AltShiftPrtScn)
⋅
Twwet On TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer |
| 2021-01-17
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti |