
The DFIR Report

ID: 38d6fa97-6639-537a-8421-99d62d7aa360

STIX ID: identity--38d6fa97-6639-537a-8421-99d62d7aa360

Feed Type: rss

Earliest post: 2023-02-06

Latest post: 2026-05-11

The DFIR Report blog shares real-world digital forensics and incident response case studies, malware analysis, and threat investigations to help security practitioners learn from actual attacks and sharpen their defensive skills.

| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware | 2026-05-11 | True | editor | True |
| Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting | 2026-04-22 | True | editor | True |
| Apache ActiveMQ Exploit Leads to LockBit Ransomware | 2026-02-23 | True | editor | True |
| Cat’s Got Your Files: Lynx Ransomware | 2025-12-17 | True | editor | True |
| Cat’s Got Your Files: Lynx Ransomware | 2025-11-17 | True | editor | True |
| From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira | 2025-11-04 | True | editor | True |
| From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion | 2025-09-29 | True | editor | True |
| Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs | 2025-09-08 | True | editor | True |
| From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira | 2025-08-05 | True | editor | True |
| KongTuke FileFix Leads to New Interlock RAT Variant | 2025-07-14 | True | editor | True |
| Hide Your RDP: Password Spray Leads to RansomHub Deployment | 2025-06-30 | True | editor | True |
| Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware | 2025-05-19 | True | editor | True |
| Navigating Through The Fog | 2025-04-28 | True | editor | True |
| Fake Zoom Ends in BlackSuit Ransomware | 2025-03-31 | True | editor | True |
| Confluence Exploit Leads to LockBit Ransomware | 2025-02-24 | True | editor | True |
| Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware | 2025-01-27 | True | editor | True |
| The Curious Case of an Egg-Cellent Resume | 2024-12-02 | True | editor | True |
| Inside the Open Directory of the “You Dun” Threat Group | 2024-10-28 | True | editor | True |
| Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | 2024-09-30 | True | editor | True |
| BlackSuit Ransomware | 2024-08-26 | True | editor | True |
| Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts | 2024-08-12 | True | editor | True |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment | 2024-06-10 | True | editor | True |
| From IcedID to Dagon Locker Ransomware in 29 Days | 2024-04-29 | True | editor | True |
| From OneNote to RansomNote: An Ice Cold Intrusion | 2024-04-01 | True | editor | True |
| SEO Poisoning to Domain Control: The Gootloader Saga Continues | 2024-02-26 | True | editor | True |
| Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours | 2024-01-29 | True | editor | True |
| Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity | 2023-12-18 | True | editor | True |
| SQL Brute Force Leads to BlueSky Ransomware | 2023-12-04 | True | editor | True |
| NetSupport Intrusion Results in Domain Compromise | 2023-10-30 | True | editor | True |
| From ScreenConnect to Hive Ransomware in 61 hours | 2023-09-25 | True | editor | True |
| HTML Smuggling Leads to Domain Wide Ransomware | 2023-08-28 | True | editor | True |
| A Truly Graceful Wipe Out | 2023-06-12 | True | editor | True |
| IcedID Macro Ends in Nokoyawa Ransomware | 2023-05-22 | True | editor | True |
| Malicious ISO File Leads to Domain Wide Ransomware | 2023-04-03 | True | editor | True |
| 2022 Year in Review | 2023-03-06 | True | editor | True |
| Collect, Exfiltrate, Sleep, Repeat | 2023-02-06 | True | editor | True |
