Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210805:conti:8ba71b6, author = {Peter Mackenzie}, title = {{Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access}}, date = {2021-08-05}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1423188974298861571}, language = {English}, urldate = {2021-08-06} } Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210805:lorenz:c5b406d, author = {Peter Mackenzie}, title = {{Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365}}, date = {2021-08-05}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1423190900516302860?s=20}, language = {English}, urldate = {2021-08-06} } Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365
Lorenz
2021-07-21Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210721:conti:085858b, author = {Peter Mackenzie}, title = {{Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment}}, date = {2021-07-21}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1417849181012647938}, language = {English}, urldate = {2021-07-22} } Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti
2021-06-12Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210612:thread:eac742a, author = {Peter Mackenzie}, title = {{A thread on RagnarLocker ransomware group's TTP seen in an Incident Response}}, date = {2021-06-12}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1403707430765273095}, language = {English}, urldate = {2021-06-21} } A thread on RagnarLocker ransomware group's TTP seen in an Incident Response
Cobalt Strike RagnarLocker
2021-04-22Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210422:twwet:62355c6, author = {Peter Mackenzie}, title = {{Twwet On TTPs seen in IR used by DOPPEL SPIDER}}, date = {2021-04-22}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1385103712918642688}, language = {English}, urldate = {2021-05-25} } Twwet On TTPs seen in IR used by DOPPEL SPIDER
Cobalt Strike DoppelPaymer
2021-01-17Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210117:conti:db7f1cb, author = {Peter Mackenzie}, title = {{Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders}}, date = {2021-01-17}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1350755169965924352}, language = {English}, urldate = {2021-01-21} } Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders
Cobalt Strike Conti