SECUINFRA Falcon Team
Digital Forensics & Incident Response experts
The SECUINFRA Falcon Team is specialized in the areas of Digital Forensics (DF) and Incident Response (IR). This includes classic host-based forensics, but also topics such as malware analysis or compromise assessment.
In addition to the activities for which we are responsible within the scope of customer orders, the Falcon team is also responsible for the operation, further development and research of various projects and topics in the DF/IR area. These include, for example, threat intelligence or the creation of detection rules based on Yara.
That a compromised mailbox is an extremely unpleasant situation is something everyone should be able to imagine. In a recent case we have investigated, attackers have been particularly clever.
In this article, we will look at artifacts that should always be collected during an incident on a Windows-based system to get the best possible picture of what happened.
Having previously made a name for itself on the criminal scene by attacking major companies such as Quanta Computer and Invernergy, REvil's latest attack on software company Kaseya and its update service is believed to have affected several hundred companies worldwide.
In the event of an attack, companies should take appropriate countermeasures with professional help. The tool of choice here is Digital Forensics & Incident Response (DFIR).
In addition to the expected IOCs for the ProxyLogon/Hafnium vulnerability, our analysis identified one IOC of another vulnerability.