2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365 Lorenz
2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti
2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker
2021-04-22 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer
2021-01-17 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti