Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Related tags

Miscellaneous DFIR_Resources_REvil_Kaseya
Overview

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised to deploy a supply chain ransomware attack. A large number of organisations were impacted, including temporarily shutting 800 stores at the CoOp supermarket chain in Sweden.

We have provided a number of resources on our Github that may help Digital Forensics and Incident Response experts responding to these attacks over the weekend:

  • Forensic Analysis and Reporting
  • Malware Samples
  • Decompiled Malware Samples (via retdec)
  • PCAP of network traffic capture from an infected system
  • Indicators of Compromise and Yara Rules
  • Configuration and Ransomware Note
  • Full disk captures from an infected system (See Releases)
You might also like...
Phantom Attack: Evading System Call Monitoring

Phantom attack is a collection of attacks that evade Linux system call monitoring. A user mode program does not need any special privileges or capabilities to reliably evade system call monitoring using Phantom attack by exploiting insecure tracing implementations.

Rex Guo 62 Dec 7, 2022
Living off the Land Attack in Linux, load an anonymous file in memory.
Living off the Land Attack in Linux, load an anonymous file in memory.

ELFMemoryLoader Living off the Land Attack in Linux。 Linux场景下的核心载荷不落地攻击。 Loader get elf data from remote server, then use file descriptor to run elf i

null 5 Sep 24, 2022
This is Script tools from all attack Denial of service by C programming

RemaxDos Paltfrom Attack RemaxDos This is Script tools from all attack Denial of service Remax Box Team !. Features ! Cam overflow Syn Flooding. Smurf

null 7 Sep 11, 2022
Implementation of the key recovery attack against GEA-1 keys (Eurocrypt 2021)

GEA1_break This tool implements the attack against the GEA-1 described in Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2. GEA-1 is on

null 47 Sep 21, 2022
Patch for Titanfall 2 that helps prevent disconnects while the servers are being attacked by a DoS attack.

Titanfall2 DeltaBuf patch This patch for Titanfall 2 helps prevent disconnects while the servers are being attacked by a DoS attack. Disclaimer This i

null 7 Jan 8, 2023
Ramp is a HID attack program that steals all connected WiFi passwords within 13 seconds.
Ramp is a HID attack program that steals all connected WiFi passwords within 13 seconds.

Ramp Ramp is a HID attack program that steals all connected WiFi passwords within 13 seconds. Tested Windows 10 Warning Ramp has been created for the

Md. Ridwanul Islam Muntakim 24 Dec 24, 2022
Resources gathered for reverse engineering the FNIRSI-1013D scope

# FNIRSI-1013D-Hack Resources gathered for reverse engineering the FNIRSI-1013D scope As part of what is on EEVBLOG, resources for the reverse engine

null 75 Dec 25, 2022
Current and past resources for the UNSW courses I have tutored.

James' tutoring resources The home for the code/solutions/etc. from my tutorials, as well as any other resources as I see fit. Table of contents Cours

James Davidson 19 Oct 4, 2022
Competitive Programming Implementations, Resources, Solutions, and Tools

In competitive programming contests, one must write computer programs capable of solving clear-cut problems under the given contraints and limits. Most competitive programmers use C++, Java, or Python.

Dong Liu 14 Sep 23, 2021
Comments
  • Please clarify role of domains in IOCs

    Please clarify role of domains in IOCs

    Please clarifiy the role of the domains in https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/blob/main/IOCs/Domains.txt . Are these part of a C2 infrastructure or are those compromised domains, etc? Please clarify.

    opened by certrik 3
Releases(v1.0)
Owner
Cado Security
We're building a platform to push digital forensics forward into the cloud era.
Cado Security
GitHub
ESP32 based USB C Programmable Power Supply

ESP32 USB-C Power Supply The idea for this ESP32 usb-c power supply project came to me when I discovered that components exist that communicate to par

Mike Rankin 146 Dec 29, 2022
Small Linux ransomware with no sudo requirement.

Info This is a little project made by me which encrypts the entire home directory and plays for you Blackjack. If you lose, your data stays encrypted

Scripted 2 Dec 2, 2021
Our very own ransomware for Linux

quierollorar Our very own ransomware for Linux quierollorar.sh encripta todo el contenido de la carpeta private/ parodellorar.sh desencripta todo el c

null 2 Nov 9, 2021
🔬Collection of malware, ransomware, RATs, botnets, stealers, etc.

?? Malware collection (جمع البرامج الضارة) What is it? In this repository you can find a huge collection of malicious software that was found on githu

The LAB 455 Oct 30, 2022
PoC ransomware. Inspired by Mr. Robot

Fsociety Ransomware This is a small piece of software intended to be a PoC (Proof of Concept) of a ransomware with similar GUI to the one seen in Mr.

Benjamín Guzmán 4 Aug 22, 2022
Simple sensor filter chain nodes and nodelets

sensor_filters This package is a collection of nodes and nodelets that service a filters::FilterChain for message types from sensor_msgs package. Each

Vision for Robotics and Autonomous Systems 16 Aug 15, 2022
Basic physics simulation of a chain

Basic Chain Simulation Compile using for example $ g++ ChainElement.cpp ChainLink.cpp Chain.cpp Simulation.cpp main.cpp -std=c++11 -o run -O3 The outp

Steffen Richters-Finger 118 Oct 17, 2022
Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks.

ESP32 Wi-Fi Penetration Tool This project introduces an universal tool for ESP32 platform for implementing various Wi-Fi attacks. It provides some com

null 612 Jan 3, 2023
King Hamlet is a simple tool, which allows you to perform a Process Ghosting Attack

KingHamlet Process Ghosting Tool - 64 bits Only! King Hamlet is a simple tool, which allows you to perform a Process Ghosting Attack

null 149 Dec 27, 2022
🎮 Plants vs. Zombies multiplayer battle, developed via reverse engineering, inline hook and dynamic-link library injection. Two online players defend and attack as the plant side and zombie side respectively.

Plants vs. Zombies Online Battle This project has two original repositories: https://github.com/czs108/Plants-vs.-Zombies-Online-Battle https://github

Liugw 71 Oct 14, 2021