Tag: incident response

5 Attack Reports | 0 Vulnerabilities

Attack reports

Modern Incident Response: Tackling Malicious ML Artifacts

This analysis explores the emerging threat of machine learning model-based breaches, detailing their anatomy, detection methods, and real-world examples. It highlights the risks associated with sharing ML models, particularly through platforms like Hugging Face, and the potential for malicious acto…
cobalt strike
incident response
cybersecurity
metasploit
mythic
machine learning
2025-05-14
trickbot
sandboxing
pickle files
forensics
model-based breaches
malicious ai
Published: May 14, 2025
Downloadable IOCs: 2

New Ymir ransomware discovered used together with RustyStealer | Securelist

A new ransomware called Ymir was discovered during an incident response case. It uses memory operations to evade detection and employs the ChaCha20 cipher for encryption. The attackers gained initial access via PowerShell commands and installed tools like Process Hacker before deploying Ymir. The r…
ransomware
powershell
encryption
incident response
chacha20
systembc
2024-11-11
rustystealer
ymir
Published: November 11, 2024
Downloadable IOCs: 12

New Ymir ransomware discovered used together with RustyStealer

A new ransomware called Ymir was discovered during an incident response case. It uses memory operations to evade detection and employs the ChaCha20 cipher for encryption. The attackers gained initial access via PowerShell commands and installed tools like Process Hacker before deploying Ymir. The r…
ransomware
powershell
encryption
incident response
chacha20
systembc
2024-11-11
rustystealer
ymir
Published: November 11, 2024
Downloadable IOCs: 0

How Managed Detection and Response Pressed Pause on a Play Ransomware Attack

This report details how Trend Micro's Managed Detection and Response (MDR) service successfully thwarted a sophisticated ransomware attack orchestrated by the notorious Play ransomware group. Through continuous monitoring and expert analysis, the MDR team swiftly identified and contained the intrus…
ransomware
incident response
cybersecurity
threat analysis
2024-08-23
systembc
grixba
malware campaign
Published: August 23, 2024
Downloadable IOCs: 1

Phishing Incident Report: Facts and Timeline

On June 18, 2024, an employee's account at ANY.RUN was compromised and used to carry out a phishing attack against the company's entire contact list. The initial compromise occurred on May 27 through an AiTM phishing campaign targeting the employee. Over the following weeks, the attacker maintained…
phishing
2024-06-25
data exfiltration
incident response
mfa bypass
email compromise
Published: June 25, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports