Incident Response
BSI has set up a model that divides the procedure into 6 different phases, which is very finely granulated compared to other models.
In order to shed some light on the subject, we would like to look at a few facts and figures about ransomware as well as a typical course of attack.
That a compromised mailbox is an extremely unpleasant situation is something everyone should be able to imagine. In a recent case we have investigated, attackers have been particularly clever.
In this article, we will look at artifacts that should always be collected during an incident on a Windows-based system to get the best possible picture of what happened.
In the event of an attack, companies should take appropriate countermeasures with professional help. The tool of choice here is Digital Forensics & Incident Response (DFIR).
In addition to the expected IOCs for the ProxyLogon/Hafnium vulnerability, our analysis identified one IOC of another vulnerability.