T1046 – Network Service Discovery

Blog | Scenario

Snatch Ransomware
ByDetecteam 2023-10-192023-10-19

TLP TLP TLP CLEAR Author Jordi M. Lobo Summary In a recent cyber attack, the Snatch Team used RDP brute force to infiltrate a network and rapidly executed a series of sophisticated actions within a short time frame. They gained initial access by logging into a Domain Administrator (DA) account, performed various commands, and initiated…

Read More Snatch Ransomware
Blog | Scenario

The Trigona ransomware
ByDetecteam 2023-10-112023-10-11

TLP TLP TLP CLEAR Author Jordi M. Lobo Summary The Trigona ransomware, emerging in late 2022, has rapidly evolved with continuous updates. By April 2023, it started targeting MSSQL servers through brute force methods. This threat is linked to the CryLock ransomware group and possibly ALPHV (BlackCat), though their involvement remains uncertain. The US and…

Read More The Trigona ransomware

End of content

End of content