2021-10-04The DFIR ReportThe DFIR Report
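% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20211004:bazarloader:fe3adf3,
  author       = {{The DFIR Report}},
  title        = {{BazarLoader} and the {Conti} Leaks},
  date         = {2021-10-04},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/},
  language     = {English},
  urldate      = {2021-10-11},
}
BazarLoader and the Conti Leaks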
BazarBackdoor Cobalt Strike Conti
2021-09-13The DFIR ReportThe DFIR Report
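% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210913:bazarloader:5073703,
  author       = {{The DFIR Report}},
  title        = {{BazarLoader} to {Conti} Ransomware in 32 Hours},
  date         = {2021-09-13},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/},
  language     = {English},
  urldate      = {2021-09-14},
}
BazarLoader to Conti Ransomware in 32 Hours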
BazarBackdoor Cobalt Strike Conti
2021-08-29The DFIR ReportThe DFIR Report
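% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the product name; the typographic apostrophe is UTF-8 and needs a Biber toolchain.
@online{report:20210829:cobalt:1e4595e,
  author       = {{The DFIR Report}},
  title        = {{Cobalt Strike}, a Defender’s Guide},
  date         = {2021-08-29},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/},
  language     = {English},
  urldate      = {2021-08-31},
}
Cobalt Strike, a Defender’s Guide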
Cobalt Strike
2021-08-01The DFIR ReportThe DFIR Report
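% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210801:bazarcall:bb6829b,
  author       = {{The DFIR Report}},
  title        = {{BazarCall} to {Conti} Ransomware via {Trickbot} and {Cobalt Strike}},
  date         = {2021-08-01},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/},
  language     = {English},
  urldate      = {2021-08-02},
}
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike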
BazarBackdoor Cobalt Strike Conti TrickBot
2021-07-19The DFIR ReportThe DFIR Report
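% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210719:icedid:0365384,
  author       = {{The DFIR Report}},
  title        = {{IcedID} and {Cobalt Strike} vs Antivirus},
  date         = {2021-07-19},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/},
  language     = {English},
  urldate      = {2021-07-20},
}
IcedID and Cobalt Strike vs Antivirus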
Cobalt Strike IcedID
2021-06-28The DFIR ReportThe DFIR Report
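% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210628:hancitor:b21cdd2,
  author       = {{The DFIR Report}},
  title        = {{Hancitor} Continues to Push {Cobalt Strike}},
  date         = {2021-06-28},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/},
  language     = {English},
  urldate      = {2021-06-29},
}
Hancitor Continues to Push Cobalt Strike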
Cobalt Strike Hancitor
2021-06-20The DFIR ReportThe DFIR Report
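% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Only "Word" is braced in the title (presumably the product name); the rest is left to the style's casing.
@online{report:20210620:from:aadb7e8,
  author       = {{The DFIR Report}},
  title        = {From {Word} to Lateral Movement in 1 Hour},
  date         = {2021-06-20},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/},
  language     = {English},
  urldate      = {2021-06-22},
}
From Word to Lateral Movement in 1 Hour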
Cobalt Strike IcedID
2021-06-03The DFIR ReportThe DFIR Report
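% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect the product names and the acronym, so a style can still apply its own casing.
@online{report:20210603:weblogic:a381570,
  author       = {{The DFIR Report}},
  title        = {{WebLogic} {RCE} Leads to {XMRig}},
  date         = {2021-06-03},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/},
  language     = {English},
  urldate      = {2021-06-16},
}
WebLogic RCE Leads to XMRig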
2021-05-12The DFIR Report
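% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun. The source entry carries no organization field, so none is added.
@online{report:20210512:conti:598c5f2,
  author   = {{The DFIR Report}},
  title    = {{Conti} Ransomware},
  date     = {2021-05-12},
  url      = {https://thedfirreport.com/2021/05/12/conti-ransomware/},
  language = {English},
  urldate  = {2021-05-13},
}
Conti Ransomware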
Cobalt Strike Conti IcedID
2021-05-02The DFIR ReportThe DFIR Report
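% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun, so a style can still apply its own casing.
@online{report:20210502:trickbot:242b786,
  author       = {{The DFIR Report}},
  title        = {{Trickbot} Brief: Creds and Beacons},
  date         = {2021-05-02},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/},
  language     = {English},
  urldate      = {2021-05-04},
}
Trickbot Brief: Creds and Beacons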
Cobalt Strike TrickBot
2021-03-29The DFIR ReportThe DFIR Report
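% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210329:sodinokibi:4c63e20,
  author       = {{The DFIR Report}},
  title        = {{Sodinokibi} (aka {REvil}) Ransomware},
  date         = {2021-03-29},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/},
  language     = {English},
  urldate      = {2021-03-30},
}
Sodinokibi (aka REvil) Ransomware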
Cobalt Strike IcedID REvil
2021-03-08The DFIR ReportThe DFIR Report
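% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210308:bazar:ba050d7,
  author       = {{The DFIR Report}},
  title        = {{Bazar} Drops the {Anchor}},
  date         = {2021-03-08},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/},
  language     = {English},
  urldate      = {2021-03-10},
}
Bazar Drops the Anchor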
Anchor BazarBackdoor Cobalt Strike
2021-02-28The DFIR ReportThe DFIR Report
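% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun, so a style can still apply its own casing.
@online{report:20210228:laravel:d832ce6,
  author       = {{The DFIR Report}},
  title        = {{Laravel} Apps Leaking Secrets},
  date         = {2021-02-28},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/02/28/laravel-debug-leaking-secrets/},
  language     = {English},
  urldate      = {2021-03-04},
}
Laravel Apps Leaking Secrets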
2021-02-15Twitter (@TheDFIRReport)The DFIR Report
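% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun, so a style can still apply its own casing.
@online{report:20210215:qakbot:f692e9c,
  author       = {{The DFIR Report}},
  title        = {Tweet on {Qakbot} post infection discovery activity},
  date         = {2021-02-15},
  organization = {Twitter (@TheDFIRReport)},
  url          = {https://twitter.com/TheDFIRReport/status/1361331598344478727},
  language     = {English},
  urldate      = {2021-02-18},
}
Tweet on Qakbot post infection discovery activity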
QakBot
2021-02-11Twitter (@TheDFIRReport)The DFIR Report
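% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun; the title wording is kept exactly as listed.
@online{report:20210211:hancitor:9fa527e,
  author       = {{The DFIR Report}},
  title        = {Tweet on {Hancitor} Activity followed by cobaltsrike beacon},
  date         = {2021-02-11},
  organization = {Twitter (@TheDFIRReport)},
  url          = {https://twitter.com/TheDFIRReport/status/1359669513520873473},
  language     = {English},
  urldate      = {2021-02-18},
}
Tweet on Hancitor Activity followed by cobaltsrike beacon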
Cobalt Strike Hancitor
2021-02-02Twitter (@TheDFIRReport)The DFIR Report
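% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% The title has no capitalised proper nouns, so it needs no brace protection.
@online{report:20210202:recent:5272ed0,
  author       = {{The DFIR Report}},
  title        = {Tweet on recent dridex post infection activity},
  date         = {2021-02-02},
  organization = {Twitter (@TheDFIRReport)},
  url          = {https://twitter.com/TheDFIRReport/status/1356729371931860992},
  language     = {English},
  urldate      = {2021-02-04},
}
Tweet on recent dridex post infection activity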
Cobalt Strike Dridex
2021-01-31The DFIR ReportThe DFIR Report
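% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper nouns, so a style can still apply its own casing.
@online{report:20210131:bazar:c3b3859,
  author       = {{The DFIR Report}},
  title        = {{Bazar}, No {Ryuk}?},
  date         = {2021-01-31},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/01/31/bazar-no-ryuk/},
  language     = {English},
  urldate      = {2021-02-02},
}
Bazar, No Ryuk?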
BazarBackdoor Cobalt Strike Ryuk
2021-01-18The DFIR ReportThe DFIR Report
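% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% The title contains no proper nouns, so it needs no brace protection.
@online{report:20210118:all:daed9a4,
  author       = {{The DFIR Report}},
  title        = {All That for a Coinminer?},
  date         = {2021-01-18},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/01/18/all-that-for-a-coinminer/},
  language     = {English},
  urldate      = {2021-01-21},
}
All That for a Coinminer?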
Coinminer Monero Miner
2021-01-11The DFIR ReportThe DFIR Report
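% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% Title braces protect only the proper noun, so a style can still apply its own casing.
@online{report:20210111:trickbot:d1011f9,
  author       = {{The DFIR Report}},
  title        = {{Trickbot} Still Alive and Well},
  date         = {2021-01-11},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/},
  language     = {English},
  urldate      = {2021-01-11},
}
Trickbot Still Alive and Well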
Cobalt Strike TrickBot
2020-12-13The DFIR ReportThe DFIR Report
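% Corporate author is double-braced so BibTeX/Biber keeps it as one name instead of splitting given/family.
% The whole title reads as a product name (presumably the tool of that name), so it stays fully braced.
@online{report:20201213:defender:3c33570,
  author       = {{The DFIR Report}},
  title        = {{Defender Control}},
  date         = {2020-12-13},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2020/12/13/defender-control/},
  language     = {English},
  urldate      = {2020-12-14},
}
Defender Control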