Skip to content

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

License

Notifications You must be signed in to change notification settings

cado-security/DFIR_Resources_REvil_Kaseya

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised to deploy a supply chain ransomware attack. A large number of organisations were impacted, including temporarily shutting 800 stores at the CoOp supermarket chain in Sweden.

We have provided a number of resources on our Github that may help Digital Forensics and Incident Response experts responding to these attacks over the weekend:

  • Forensic Analysis and Reporting
  • Malware Samples
  • Decompiled Malware Samples (via retdec)
  • PCAP of network traffic capture from an infected system
  • Indicators of Compromise and Yara Rules
  • Configuration and Ransomware Note
  • Full disk captures from an infected system (See Releases)

About

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages