GitHub - cado-security/DFIR_Resources_REvil_Kaseya: Resources for DFIR Professio...

 2 years ago
source link: https://github.com/cado-security/DFIR_Resources_REvil_Kaseya
Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, had been compromised to deploy ransomware through a supply chain attack. A large number of organisations were impacted; the CoOp supermarket chain in Sweden, for example, temporarily shut 800 stores.

We have provided a number of resources on our GitHub that may help Digital Forensics and Incident Response (DFIR) professionals responding to these attacks over the weekend:

  • Forensic Analysis and Reporting
  • Malware Samples
  • Decompiled Malware Samples (via retdec)
  • PCAP of network traffic capture from an infected system
  • Indicators of Compromise and Yara Rules
  • Configuration and Ransomware Note
  • Full disk captures from an infected system (See Releases)
