Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: rclone

3 attack reports | 0 vulnerabilities

Attack reports

EDR Bypass Testing Reveals Extortion Actor's Toolkit

Unit 42 investigated an extortion attempt where threat actors tested an AV/EDR bypass tool on rogue systems with Cortex XDR installed. The actors purchased network access via Atera RMM and used a BYOVD technique for the bypass tool. Researchers gained visibility into the actors' systems, uncovering…

extortion
cobalt strike
rclone
mimikatz
conti
sharphound
rubeus
byovd
2024-11-02
cortex xdr
safetykatz
cybercrime forums
threat actor profiling
av/edr bypass
Published: November 2, 2024

Downloadable IOCs 0

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Microsoft has observed Storm-0501, a financially motivated cybercriminal group, conducting multi-staged attacks targeting hybrid cloud environments. The group compromises on-premises networks, performs lateral movement to cloud environments, exfiltrates data, steals credentials, creates persistent …

backdoor
ransomware
credential-theft
cobalt strike
rclone
impacket
data-exfiltration
lateral-movement
2024-09-30
CVE-2022-47966
CVE-2023-4966
hybrid-cloud
embargo
aadinternals
CVE-2023-38203
CVE-2023-29300
Published: September 30, 2024

Downloadable IOCs 14

From IcedID to Dagon Locker Ransomware in 29 Days

This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.

powershell
cobalt strike
anydesk
icedid
adfind
rclone
shell
encrypted
discovery
domain account
access token
manipulation
utility
modify system
aws collector
prometheustds
seatbelt
sharefinder
Published: April 29, 2024

Downloadable IOCs 33

» Click here to see all Attack Reports «