The DFIR Report Threat Groups

Important

The threat groups mentioned in other files in this repository are highlighted in the following list from The DFIR Report. This list of publicly available reports was used as the main source so that the research can be independently peer reviewed.

| Most Recent Publication | Ransomware/Extortionist | Report |
| --- | --- | --- |
| 10 June 2024 | BlackCat (ALPHV) | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment |
| 29 April 2024 | Dagon Locker | From IcedID to Dagon Locker Ransomware in 29 Days |
| 1 April 2024 | Nokoyawa | From OneNote to RansomNote: An Ice Cold Intrusion / IcedID Macro Ends in Nokoyawa Ransomware |
| 29 January 2024 | Trigona | Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours |
| 25 September 2023 | Hive | From ScreenConnect to Hive Ransomware in 61 hours |
| 3 April 2023 | Quantum | Malicious ISO File Leads to Domain Wide Ransomware / Quantum Ransomware |
| 4 April 2022 | Conti | Stolen Images Campaign Ends in Conti Ransomware / BazarLoader to Conti Ransomware in 32 Hours / BazarCall to Conti Ransomware via Trickbot and Cobalt Strike / Conti Ransomware |
| 13 December 2021 | Diavol | Diavol Ransomware |
| 18 October 2021 | XingLocker | IcedID to XingLocker Ransomware in 24 hours |
| 29 March 2021 | REvil | Sodinokibi (aka REvil) Ransomware |
| 23 November 2020 | PYSA | PYSA/Mespinoza Ransomware |
| 5 November 2020 | Ryuk | Ryuk Speed Run, 2 Hours to Ransom / Ryuk in 5 Hours / Ryuk's Return |
| 31 August 2020 | NetWalker | NetWalker Ransomware in 1 Hour |
| 21 June 2020 | Snatch | Snatch Ransomware |
| 4 April 2020 | GoGoogle | GoGoogle Ransomware |