
The DFIR Report
@TheDFIRReport
Followers: 61K | Following: 691 | Media: 471 | Statuses: 2K
Real Intrusions by Real Attackers, the Truth Behind the Intrusion. Services: https://t.co/XW613EKt2w
thedfirreport.com/contact
Joined April 2020
RT @TheDFIRReport: 📉DFIR Labs Weekend Discount📉 Use this discount code to receive 10% off all DFIR Labs cases! Discount expires August 11t…
🎯 DEF CON Attendees — Swing by Malware Village today at 4 PM and snag some free DFIR Report swag! Come say hi to @angelo_violetti and @RussianPanda9xx, they’ll be there handing it out. Don’t miss it!
🚨 Search for software, end up getting ransomware! SEO-driven #Bumblebee malware campaigns observed throughout July led to domain compromise, data theft & #Akira ransomware. Tools included #AdaptixC2 & #Netscan.
thedfirreport.com
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in …
🚨 New Interlock RAT variant spotted! Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). 🔎 #DFIR #KongTuke #InterlockRAT #FileFix
thedfirreport.com
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…
This position is closing soon, don’t miss your chance to apply!
🔎 We're Hiring: Senior Security Analyst. We're looking for a full-time Senior Security Analyst with a passion for dissecting intrusions and translating technical findings into actionable insights. Check out the full job description and apply here 👉
RT @TheDFIRReport: 📢DFIR Labs Enterprise Forensics Challenge📢 🔹 When: Aug 30, 2025 (14:00-18:00 UTC) 🔹 SIEM: Azure Log Analytics, Elastic,…
RT @r3nzsec: Classic #ransomhub execution baked into the encryptor itself. Check out the latest report here and learn how that exposed RDP…
🌟New report out today!🌟 Hide Your RDP: Password Spray Leads to RansomHub Deployment. Analysis and reporting completed by @tas_kmanager, @iiamaleks and UC2. 🔊Audio: Available on Spotify, Apple, YouTube and more!
thedfirreport.com
Key Takeaways Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…
➡️Buy Now: (or use your subscription token 😉) Oh, and the dashboard? We gave it a full UI refresh. Cleaner, faster, easier to use. Hope you enjoy it! 2/2
store.thedfirreport.com
This case is based on the public report From ScreenConnect to Hive Ransomware in 61 hours. You will investigate a domain-wide compromise that progressed through multiple stages, beginning with the...
🔎 We're Hiring: Senior Security Analyst. We're looking for a full-time Senior Security Analyst with a passion for dissecting intrusions and translating technical findings into actionable insights. Check out the full job description and apply here 👉
forms.office.com