From A Single Click: How Lunar Spider Enabled A Near Two Month Intrusion
Key TakeawaysThe intrusion began with a Lunar Spider linked JavaScript file disguised as a tax form that downloaded and executed...
DFIR
Blurring The Lines: Intrusion Shows Connection With Three Major Ransomware Gangs
Key TakeawaysThe intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped...
From Bing Search To Ransomware: Bumblebee And Adaptixc2 Deliver Akira
OverviewBumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was...
Kongtuke Filefix Leads To New Interlock Rat Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware...
Another Confluence Bites The Dust: Falling To Elpaco Team Ransomware
Table of Contents:Case SummaryAnalystsInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCommand and ControlExfiltrationImpactTimelineDiamond ModelIndicatorsDetectionsMITRE ATT&CKCase SummaryIn late June 2024, an unpatched Confluence...
Navigating the Digital Crime Scene: An In-Depth Look at DFIR
In a world increasingly driven by technology, the intricacies of digital forensics and incident response (DFIR) have become paramount. DFIR...
