Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-05-19The DFIR Report0xtornado, pcsc0ut, Randy Pargman
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Mimic Ransomware MimiKatz
2025-01-27The DFIR ReportMittenSec, MyDFIR, r3nzsec
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
GhostSocks LockBit SystemBC
2024-09-30The DFIR ReportThe DFIR Report
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
BlackCat Nitrogen Loader Sliver
2024-08-26The DFIR ReportThe DFIR Report
BlackSuit Ransomware
BlackSuit Cobalt Strike SystemBC
2024-04-29The DFIR ReportThe DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
IcedID Mount Locker
2024-04-01The DFIR ReportThe DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion
Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader
2024-02-26The DFIR ReportThe DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues
GootLoader
2023-12-04The DFIR ReportThe DFIR Report
SQL Brute Force leads to Bluesky Ransomware
BlueSky Cobalt Strike
2023-08-28The DFIR ReportThe DFIR Report
HTML Smuggling Leads to Domain Wide Ransomware
Cobalt Strike IcedID Nokoyawa Ransomware
2023-06-12The DFIR ReportMaxime Thiebaut
A Truly Graceful Wipe Out
FlawedGrace Silence
2023-06-10The DFIR ReportThe DFIR Report
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
BlackCat Cobalt Strike IcedID
2023-05-22The DFIR ReportThe DFIR Report
IcedID Macro Ends in Nokoyawa Ransomware
IcedID Nokoyawa Ransomware PhotoLoader
2023-04-03The DFIR ReportThe DFIR Report
Malicious ISO File Leads to Domain Wide Ransomware
Cobalt Strike IcedID Mount Locker
2023-01-09The DFIR ReportThe DFIR Report
Unwrapping Ursnifs Gifts
ISFB
2022-11-28The DFIR ReportThe DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker
2022-09-26The DFIR ReportThe DFIR Report
BumbleBee: Round Two
BumbleBee Cobalt Strike Meterpreter
2022-09-12The DFIR ReportThe DFIR Report
Dead or Alive? An Emotet Story
Cobalt Strike Emotet
2022-08-08The DFIR ReportThe DFIR Report
BumbleBee Roasts Its Way to Domain Admin
BumbleBee Cobalt Strike
2022-07-11The DFIR ReportThe DFIR Report
SELECT XMRig FROM SQLServer
Bondnet
2022-06-06The DFIR ReportThe DFIR Report
Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration