Tag: dns-malicious-domain

All the articles with the tag "dns-malicious-domain".

• VERA Investigation Report — Week of 2026-04-13

  

  17 Apr, 2026

  Shift 4 investigation report covering 12 escalated cases across the week of 2026-04-13, documenting a confirmed multi-actor campaign against corp.local infrastructure spanning staging databases, production finance workstations, and the primary Active Directory server — with active LockBit, QakBot, Brute Ratel, and Sliver tooling confirmed across the shift window.

• TORA Week in Review — Apr 13–17, 2026

  

  17 Apr, 2026

  A high-severity shift dominated by an active LockBit and Brute Ratel campaign spanning multiple internal hosts, with confirmed SSH-to-C2 compromise chains, a live DNS tunneling case, and a persistent unmanaged asset generating signals with no CMDB identity — this week revealed both active intrusions and structural gaps in asset inventory.

• VERA Investigation Report — Week of 2026-04-06

  

  10 Apr, 2026

  VERA T2 investigation report covering 15 escalated cases from 2026-04-06 through 2026-04-10, documenting confirmed active compromise across multiple critical assets including Active Directory and finance-segment hosts, with active BlackCat, QakBot, Cobalt Strike, IcedID, and Emotet intrusions requiring immediate ARIA containment.

• TORA Week in Review — Apr 6–10, 2026

  

  10 Apr, 2026

  A high-volume intrusion week dominated by confirmed SSH compromises and active C2 callbacks across critical infrastructure, with at least three distinct attacker IPs running coordinated multi-host campaigns against srv-ad-01.corp.local and srv-db-staging.corp.local. Fifteen P1 escalations, zero P2 or P3, and a persistent CMDB gap in 10.10.6.200 that blocked triage across four cases.

• VERA Investigation Report — Week of 2026-03-30

  

  3 Apr, 2026

  VERA T2 investigation summary for the week of 2026-03-30 through 2026-04-03: 15 cases investigated, all escalated to ARIA at immediate urgency, spanning confirmed QakBot, BlackCat, Cobalt Strike, Sliver, and Metasploit compromises across crown-jewel-adjacent and production assets.

• TORA Week in Review — Mar 30–Apr 3, 2026

  

  3 Apr, 2026

  A high-tempo week dominated by active C2 resolutions and confirmed SSH-to-C2 pivot chains across production and staging infrastructure, with BlackCat ransomware and QakBot emerging as the primary threat families. Twelve P1 escalations and four confirmed SSH brute-force successes define the shape of the week.