github

cado-security / DFIR_Resources_REvil_Kaseya

  • среда, 7 июля 2021 г. в 00:28:37
https://github.com/cado-security/DFIR_Resources_REvil_Kaseya


Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack



Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised to deploy a supply chain ransomware attack. A large number of organisations were impacted, including temporarily shutting 800 stores at the CoOp supermarket chain in Sweden.

We have provided a number of resources on our Github that may help Digital Forensics and Incident Response experts responding to these attacks over the weekend:

  • Forensic Analysis and Reporting
  • Malware Samples
  • Decompiled Malware Samples (via retdec)
  • PCAP of network traffic capture from an infected system
  • Indicators of Compromise and Yara Rules
  • Configuration and Ransomware Note
  • Full disk captures from an infected system (See Releases)