Click here to download all references as Bib-File.•
| 2025-01-27
⋅
The DFIR Report
⋅
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware GhostSocks LockBit SystemBC |
| 2024-09-30
⋅
The DFIR Report
⋅
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware BlackCat Nitrogen Loader Sliver |
| 2024-08-26
⋅
The DFIR Report
⋅
BlackSuit Ransomware BlackSuit Cobalt Strike SystemBC |
| 2024-04-29
⋅
The DFIR Report
⋅
From IcedID to Dagon Locker Ransomware in 29 Days IcedID Mount Locker |
| 2024-04-01
⋅
The DFIR Report
⋅
From OneNote to RansomNote: An Ice Cold Intrusion Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader |
| 2024-02-26
⋅
The DFIR Report
⋅
SEO Poisoning to Domain Control: The Gootloader Saga Continues GootLoader |
| 2023-12-04
⋅
The DFIR Report
⋅
SQL Brute Force leads to Bluesky Ransomware BlueSky Cobalt Strike |
| 2023-08-28
⋅
The DFIR Report
⋅
HTML Smuggling Leads to Domain Wide Ransomware Cobalt Strike IcedID Nokoyawa Ransomware |
| 2023-06-12
⋅
The DFIR Report
⋅
A Truly Graceful Wipe Out FlawedGrace Silence |
| 2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
| 2023-05-22
⋅
The DFIR Report
⋅
IcedID Macro Ends in Nokoyawa Ransomware IcedID Nokoyawa Ransomware PhotoLoader |
| 2023-04-03
⋅
The DFIR Report
⋅
Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker |
| 2023-01-09
⋅
The DFIR Report
⋅
Unwrapping Ursnifs Gifts ISFB |
| 2022-11-28
⋅
The DFIR Report
⋅
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker |
| 2022-09-26
⋅
The DFIR Report
⋅
BumbleBee: Round Two BumbleBee Cobalt Strike Meterpreter |
| 2022-09-12
⋅
The DFIR Report
⋅
Dead or Alive? An Emotet Story Cobalt Strike Emotet |
| 2022-08-08
⋅
The DFIR Report
⋅
BumbleBee Roasts Its Way to Domain Admin BumbleBee Cobalt Strike |
| 2022-07-11
⋅
The DFIR Report
⋅
SELECT XMRig FROM SQLServer Bondnet |
| 2022-06-06
⋅
The DFIR Report
⋅
Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration |
| 2022-05-09
⋅
The DFIR Report
⋅
SEO Poisoning – A Gootloader Story GootLoader LaZagne Cobalt Strike GootKit |