Ransomware – D E C E I V E R . I O

Deceive, Detect, Engage

Engage Report: SCATTERED SPIDER Ransomware Operations in the Cloud

Compromise a privileged account within the victim tenant (e.g., Global Administrator or Security Administrator).
Establish inbound synchronization from an attacker-controlled tenant to the victim tenant.
Provision malicious accounts within the victim tenant as needed.
Maintain persistence and potentially move laterally across connected tenants.

Engage Report: Termite Ransomware

The Termite ransomware attempts to delete all Shadow Copies on the victim’s machine by executing the vssadmin.exe process with the necessary arguments. This is done to prevent the victim from recovering their system to a state before the files were encrypted.

Tag: Ransomware

Engage Report: SCATTERED SPIDER Ransomware Operations in the Cloud

Engage Report: Termite Ransomware

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense