2023-05-22 ⋅ The DFIR Report ⋅ IcedID Macro Ends in Nokoyawa Ransomware IcedID Nokoyawa Ransomware
2023-04-03 ⋅ The DFIR Report ⋅ Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker
2023-01-09 ⋅ The DFIR Report ⋅ Unwrapping Ursnifs Gifts ISFB
2022-11-28 ⋅ The DFIR Report ⋅ Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker
2022-09-26 ⋅ The DFIR Report ⋅ BumbleBee: Round Two BumbleBee Cobalt Strike Meterpreter
2022-09-12 ⋅ The DFIR Report ⋅ Dead or Alive? An Emotet Story Cobalt Strike Emotet
2022-08-08 ⋅ The DFIR Report ⋅ BumbleBee Roasts Its Way to Domain Admin BumbleBee Cobalt Strike
2022-07-11 ⋅ The DFIR Report ⋅ SELECT XMRig FROM SQLServer
2022-06-06 ⋅ The DFIR Report ⋅ Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
2022-05-09 ⋅ The DFIR Report ⋅ SEO Poisoning – A Gootloader Story GootLoader LaZagne Cobalt Strike GootKit
2022-04-25 ⋅ The DFIR Report ⋅ Quantum Ransomware Cobalt Strike IcedID
2022-04-04 ⋅ The DFIR Report ⋅ Stolen Images Campaign Ends in Conti Ransomware Conti IcedID
2022-03-21 ⋅ The DFIR Report ⋅ APT35 Automates Initial Access Using ProxyShell
2022-03-07 ⋅ The DFIR Report ⋅ 2021 Year In Review Cobalt Strike
2022-03-01 ⋅ Twitter (@TheDFIRReport) ⋅ Twitter thread with highlights from conti leaks Conti
2022-02-21 ⋅ Qbot and Zerologon Lead To Full Domain Compromise Cobalt Strike QakBot
2022-02-07 ⋅ The DFIR Report ⋅ Qbot Likes to Move It, Move It QakBot
2022-01-24 ⋅ The DFIR Report ⋅ Cobalt Strike, a Defender’s Guide – Part 2 Cobalt Strike
2021-12-13 ⋅ The DFIR Report ⋅ Diavol Ransomware BazarBackdoor Conti Diavol
2021-11-29 ⋅ The DFIR Report ⋅ CONTInuing the Bazar Ransomware Story BazarBackdoor Cobalt Strike Conti