2021-06-28 ⋅ The DFIR Report ⋅ Hancitor Continues to Push Cobalt Strike Cobalt Strike Hancitor
2021-06-20 ⋅ The DFIR Report ⋅ From Word to Lateral Movement in 1 Hour Cobalt Strike IcedID
2021-06-03 ⋅ The DFIR Report ⋅ WebLogic RCE Leads to XMRig
2021-05-12 ⋅ Conti Ransomware Cobalt Strike Conti IcedID
2021-05-02 ⋅ The DFIR Report ⋅ Trickbot Brief: Creds and Beacons Cobalt Strike TrickBot
2021-03-29 ⋅ The DFIR Report ⋅ Sodinokibi (aka REvil) Ransomware Cobalt Strike IcedID REvil
2021-03-08 ⋅ The DFIR Report ⋅ Bazar Drops the Anchor Anchor BazarBackdoor Cobalt Strike
2021-02-28 ⋅ The DFIR Report ⋅ Laravel Apps Leaking Secrets
2021-02-15 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on Qakbot post infection discovery activity QakBot
2021-02-11 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on Hancitor Activity followed by cobaltsrike beacon Cobalt Strike Hancitor
2021-02-02 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on recent dridex post infection activity Cobalt Strike Dridex
2021-01-31 ⋅ The DFIR Report ⋅ Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk
2021-01-18 ⋅ The DFIR Report ⋅ All That for a Coinminer? Coinminer Monero Miner
2021-01-11 ⋅ The DFIR Report ⋅ Trickbot Still Alive and Well Cobalt Strike TrickBot
2020-12-13 ⋅ The DFIR Report ⋅ Defender Control
2020-11-23 ⋅ The DFIR Report ⋅ PYSA/Mespinoza Ransomware Empire Downloader Mespinoza
2020-11-12 ⋅ The DFIR Report ⋅ Cryptominers Exploiting WebLogic RCE CVE-2020-14882
2020-11-05 ⋅ The DFIR Report ⋅ Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk
2020-10-18 ⋅ The DFIR Report ⋅ Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk
2020-10-08 ⋅ The DFIR Report ⋅ Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk