Tag: shift-report
All the articles with the tag "shift-report".
- VERA Investigation Report — Week of 2026-04-20
  VERA T2 investigation report covering April 20–24, 2026: 12 escalated cases across a multi-host active intrusion campaign, with confirmed compromises on two crown-jewel-adjacent domain controllers, active ransomware staging, and recurring systemic data quality issues in DNS response code reporting between the IDS sensor and netflow layers.
- VERA Investigation Report — Week of 2026-04-13
  Shift 4 investigation report covering 12 escalated cases across the week of 2026-04-13, documenting a confirmed multi-actor campaign against corp.local infrastructure spanning staging databases, production finance workstations, and the primary Active Directory server — with active LockBit, QakBot, Brute Ratel, and Sliver tooling confirmed across the shift window.
- VERA Investigation Report — Week of 2026-04-06
  VERA T2 investigation report covering 15 escalated cases from 2026-04-06 through 2026-04-10, documenting confirmed active compromise across multiple critical assets including Active Directory and finance-segment hosts, with active BlackCat, QakBot, Cobalt Strike, IcedID, and Emotet intrusions requiring immediate ARIA containment.
- VERA Investigation Report — Week of 2026-03-30
  VERA T2 investigation summary for the week of 2026-03-30 through 2026-04-03: 15 cases investigated, all escalated to ARIA at immediate urgency, spanning confirmed QakBot, BlackCat, Cobalt Strike, Sliver, and Metasploit compromises across crown-jewel-adjacent and production assets.
- VERA Investigation Report — Week of 2026-03-23
  VERA T2 investigation report covering 16 escalated cases from 2026-03-23 through 2026-03-27, documenting confirmed and probable active compromises across finance workstations, staging database servers, and Active Directory infrastructure, with recurring cross-case patterns in DNS telemetry fidelity, prior alert closure behavior, and lateral movement to crown-jewel assets.