all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From OneNote to RansomNote: An Ice Cold Intrusion

Add to bookmarks
April 1, 2024, 11:53 a.m. | /u/TheDFIRReport

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.

https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/

access actor blueteamsec case cold data exfiltrate data february files filezilla ice icedid initial access intrusion microsoft microsoft onenote network nokoyawa nokoyawa ransomware onenote onenote files ransomware threat threat actor threat actors

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

Investigating Microsoft Graph Activity Logs 3 hours ago | www.reddit.com
blueteamsec graph logs microsoft
How an empty S3 bucket can make your AWS bill explode - "As it turns … 13 hours ago | www.reddit.com
aws backups bill blueteamsec +9
Any tips for doing a living off the land threat hunt on your own computer? 20 hours ago | www.reddit.com
blueteamsec clients computer computers +18
Sodinokibi/REvil Affiliate Sentenced for Role in $700M Ransomware Scheme 22 hours ago | www.reddit.com
affiliate blueteamsec ransomware revil +3
A Summary of 6 Months Tracking AiTM Campaigns 1 day, 8 hours ago | www.reddit.com
aitm blueteamsec campaigns tracking
Unpacking with Windows Defender 1 day, 14 hours ago | www.reddit.com
blueteamsec defender unpacking windows +1
National Security Memorandum on Critical Infrastructure Security and Resilience | The White House 1 day, 14 hours ago | www.reddit.com
blueteamsec critical critical infrastructure house +9
How Lazarus Group laundered $200M from 25 hacks 1 day, 14 hours ago | www.reddit.com
blueteamsec hacks lazarus lazarus group
Recommendations for SIEM Architecture Books 1 day, 18 hours ago | www.reddit.com
alternatives architecture blueteamsec books +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

DevSecOps Engineer

@ LinQuest | Beavercreek, Ohio, United States
View on infosec-jobs.com

Senior Developer, Vulnerability Collections (Contractor)

@ SecurityScorecard | Remote (Turkey or Latin America)
View on infosec-jobs.com

Cyber Security Intern 03416 NWSOL

@ North Wind Group | RICHLAND, WA
View on infosec-jobs.com

Senior Cybersecurity Process Engineer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Sr. Manager, Cybersecurity and Info Security

@ AESC | Smyrna, TN 37167, Smyrna, TN, US | Santa Clara, CA 95054, Santa Clara, CA, US | Florence, SC 29501, Florence, SC, US | Bowling Green, KY 42101, Bowling Green, KY, US
View on infosec-jobs.com
View more jobs