Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-23The DFIR ReportThe DFIR Report
@online{report:20201123:pysamespinoza:f0f2544, author = {The DFIR Report}, title = {{PYSA/Mespinoza Ransomware}}, date = {2020-11-23}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/}, language = {English}, urldate = {2021-01-21} } PYSA/Mespinoza Ransomware
Empire Downloader Mespinoza
2020-11-12The DFIR ReportThe DFIR Report
@online{report:20201112:cryptominers:b1b71b5, author = {The DFIR Report}, title = {{Cryptominers Exploiting WebLogic RCE CVE-2020-14882}}, date = {2020-11-12}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/}, language = {English}, urldate = {2020-11-18} } Cryptominers Exploiting WebLogic RCE CVE-2020-14882
2020-11-05The DFIR ReportThe DFIR Report
@online{report:20201105:ryuk:ceaa823, author = {The DFIR Report}, title = {{Ryuk Speed Run, 2 Hours to Ransom}}, date = {2020-11-05}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/}, language = {English}, urldate = {2020-11-06} } Ryuk Speed Run, 2 Hours to Ransom
BazarBackdoor Cobalt Strike Ryuk
2020-10-18The DFIR ReportThe DFIR Report
@online{report:20201018:ryuk:fbaadb8, author = {The DFIR Report}, title = {{Ryuk in 5 Hours}}, date = {2020-10-18}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/}, language = {English}, urldate = {2020-10-19} } Ryuk in 5 Hours
BazarBackdoor Cobalt Strike Ryuk
2020-10-08The DFIR ReportThe DFIR Report
@online{report:20201008:ryuks:e47d8fa, author = {The DFIR Report}, title = {{Ryuk’s Return}}, date = {2020-10-08}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/10/08/ryuks-return/}, language = {English}, urldate = {2020-10-09} } Ryuk’s Return
BazarBackdoor Cobalt Strike Ryuk
2020-08-31The DFIR ReportThe DFIR Report
@online{report:20200831:netwalker:29a1511, author = {The DFIR Report}, title = {{NetWalker Ransomware in 1 Hour}}, date = {2020-08-31}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/08/31/netwalker-ransomware-in-1-hour/}, language = {English}, urldate = {2020-08-31} } NetWalker Ransomware in 1 Hour
Cobalt Strike Mailto MimiKatz
2020-08-03The DFIR Report
@online{report:20200803:dridex:165cf39, author = {The DFIR Report}, title = {{Dridex – From Word to Domain Dominance}}, date = {2020-08-03}, url = {https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/}, language = {English}, urldate = {2020-08-05} } Dridex – From Word to Domain Dominance
Dridex
2020-06-21The DFIR ReportThe DFIR Report
@online{report:20200621:snatch:6d2d641, author = {The DFIR Report}, title = {{Snatch Ransomware}}, date = {2020-06-21}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/06/21/snatch-ransomware/}, language = {English}, urldate = {2020-06-22} } Snatch Ransomware
Snatch
2020-06-16The DFIR ReportThe DFIR Report
@online{report:20200616:little:bc50ff0, author = {The DFIR Report}, title = {{The Little Ransomware That Couldn’t (Dharma)}}, date = {2020-06-16}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/06/16/the-little-ransomware-that-couldnt-dharma/}, language = {English}, urldate = {2020-06-16} } The Little Ransomware That Couldn’t (Dharma)
Dharma
2020-04-24The DFIR ReportThe DFIR Report
@online{report:20200424:ursnif:e983798, author = {The DFIR Report}, title = {{Ursnif via LOLbins}}, date = {2020-04-24}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2020/04/24/ursnif-via-lolbins/}, language = {English}, urldate = {2021-03-16} } Ursnif via LOLbins
Cobalt Strike LOLSnif TeamSpy