#WastedLocker
Extracting TTPs from Potato Threat Intelligence about Evil Corp's WastedLocker. Initial access via SocGholish executing PowerShell that then ran CobaltStrike Beacons. They got a trial of ClownStrike and had a bypass for it as well. Will be emulating attack...
November 27, 2024 at 10:18 AM
Garmin hack by #EvilCorp using #WastedLocker #ransomware will be emulated in my @VillageRedTeam #adversaryemulation #redteam talk. The Cyber Threat Intelligence was good but it was not mapped to @MITREattack so I mapped it and am sharing with all of...
November 27, 2024 at 9:07 AM
How do you emulate #ransomware in a secure, safe, and professional manner? Check out my talk where we consume CTI on the #EvilCorp attack on @Garmin with #WastedLocker ransomware, create a plan, and emulate it with Cobalt Strike and SCYTHE...
November 26, 2024 at 6:27 PM
My talk on emulating #Ransomware in a safe manner from @defcon @VillageRedTeam is up! We looked into how @garmin was breached by #evilcorp using Cobalt Strike and then dropped #wastedlocker. I used CS & created synthetic, safe ransomware with @scythe_io

https://youtu.be/CXpHaY-2Fvw
November 27, 2024 at 5:49 AM
Excellent post on detecting and mitigating recent #ransomware attacks by @PhilHagen. Covers detecting the behaviors prior to the ransomware being deployed like socgholish, cobalt strike, and lolbins. Examples include #wastedlocker #trickbot #emotet...
November 26, 2024 at 6:58 PM
I will be emulating the #EvilCorp #WastedLocker attack that hit @Garmin tomorrow 2:15pm PT @defcon @VillageRedTeam so you too can #redteam or #purpleteam your organization and discover whether "this could happen to us" #DEFCONSafeMode...
November 27, 2024 at 7:30 AM
After banking malware (Dridex), Evil Corp turned to ransomware, from BitPaymer (2017-2018) to WastedLocker, Hades, Phoenix Locker (with a record ransom of 40 million dollars!), PayLoadBIN and Macaw.
October 2, 2024 at 7:39 AM
I was so focused on emulating the attack chain that #EvilCorp did on @Garmin as well as recreating the #WastedLocker #ransomware that I did not look into if Garmin paid the ransom or restored. Anyone know? @campuscodi @GossiTheDog
November 27, 2024 at 6:52 AM
I will be emulating the #EvilCorp #WastedLocker attack that hit @Garmin today at 2:15pm PT @defcon @VillageRedTeam so you too can #redteam or #purpleteam your organization and discover whether "this could happen to us" #DEFCONSafeMode...
November 27, 2024 at 6:30 AM
References 2/3:
Cyber Threat Intelligence for Evil Corp and WastedLocker:
https://techcrunch.com/2020/07/25/garmin-outage-ransomware-sources/...
November 27, 2024 at 7:30 AM
In 1 hour I will be emulating the #EvilCorp #WastedLocker attack that hit @Garmin @defcon @VillageRedTeam so you too can #redteam or #purpleteam your organization and discover whether "this could happen to us" #DEFCONSafeMode #adversaryemulation

https://www.twitch.tv/redteamvillage
November 27, 2024 at 6:15 AM
How do you emulate #ransomware in a secure, safe, and professional manner? Check out my talk where we consume CTI on the #EvilCorp attack on @Garmin with #WastedLocker ransomware, create a plan, and emulate it with Cobalt Strike and SCYTHE...
November 26, 2024 at 8:27 PM
How do you emulate #ransomware in a secure, safe, and professional manner? Check out my talk where we consume CTI on the #EvilCorp attack on @Garmin with #WastedLocker ransomware, create a plan, and emulate it with Cobalt Strike and SCYTHE...
November 26, 2024 at 8:02 PM
Why am I nervous? It's my first @defcon @VillageRedTeam talk at a #DEFCON and making the best of #DEFCONSafeMode!

Come watch my talk on #adversaryemulation at #redteam village. Emulating the @Garmin hack by #EvilCorp #Ransomware #WastedLocker...
November 27, 2024 at 6:15 AM
How do you emulate #ransomware in a secure, safe, and professional manner? Check out my talk where we consume CTI on the #EvilCorp attack on @Garmin with #WastedLocker ransomware, create a plan, and emulate it with Cobalt Strike and SCYTHE...
November 26, 2024 at 7:23 PM
Current view of the #PurpleTeam workshop. Emulating #APT33 #Ryuk #Orangeworm and #WastedLocker in a hands-on, isolated environment for each student! Thanks for hosting us @HITBSecConf #HITBCyberWeek

Next one is December 5: https://scythe.io/workshops
November 25, 2024 at 4:18 PM
I will be emulating the #EvilCorp #WastedLocker attack that hit @Garmin in July on Thursday @defcon @VillageRedTeam so you too can #redteam or #purpleteam your organization and discover whether "this could happen to us" #DEFCONSafeMode...
November 27, 2024 at 9:07 AM
Come watch #DEFCONSafeMode #RedTeam Village talk, it is streaming now.

Covering @Garmin hack by #EvilCorp and emulating #WastedLocker #ransomware https://twitch.tv/redteamvillage

Blog: https://scythe.io/library/threatthursday-evil-corp

Slides:...
November 27, 2024 at 6:15 AM
Extracting TTPs from Cyber Threat Intelligence about Evil Corp's WastedLocker. Initial access via SocGholish executing PowerShell that then ran CobaltStrike Beacons. They got a trial of CrowdStrike and had a bypass for it as well. Will be emulating attack...
November 27, 2024 at 10:15 AM
Wow look at all the #ransomware in the news on the latest @SANSInstitute NewsBites! I did some work consuming CTI from the Garmin hack. The group is called #EvilCorp and they used #WastedLocker malware. #AdversaryEmulation talk will cover how to emulate:...
November 27, 2024 at 7:40 AM