2021-02-11 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on Hancitor Activity followed by cobaltsrike beacon Cobalt Strike Hancitor |
2021-02-02 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on recent dridex post infection activity Cobalt Strike Dridex |
2021-01-31 ⋅ The DFIR Report ⋅ Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk |
2021-01-18 ⋅ The DFIR Report ⋅ All That for a Coinminer? Coinminer Monero Miner |
2021-01-11 ⋅ The DFIR Report ⋅ Trickbot Still Alive and Well Cobalt Strike TrickBot |
2020-12-13 ⋅ The DFIR Report ⋅ Defender Control |
2020-11-23 ⋅ The DFIR Report ⋅ PYSA/Mespinoza Ransomware Empire Downloader Mespinoza |
2020-11-12 ⋅ The DFIR Report ⋅ Cryptominers Exploiting WebLogic RCE CVE-2020-14882 |
2020-11-05 ⋅ The DFIR Report ⋅ Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk |
2020-10-18 ⋅ The DFIR Report ⋅ Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk |
2020-10-08 ⋅ The DFIR Report ⋅ Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk |
2020-08-31 ⋅ The DFIR Report ⋅ NetWalker Ransomware in 1 Hour Cobalt Strike Mailto MimiKatz |
2020-08-03 ⋅ Dridex – From Word to Domain Dominance Dridex |
2020-06-21 ⋅ The DFIR Report ⋅ Snatch Ransomware Snatch |
2020-06-16 ⋅ The DFIR Report ⋅ The Little Ransomware That Couldn’t (Dharma) Dharma |
2020-04-24 ⋅ The DFIR Report ⋅ Ursnif via LOLbins Cobalt Strike LOLSnif TeamSpy |