Trend™ Research reveals DragonForce ransomware’s use of PsExec, WMI, AdFind, and LaZagne for lateral movement, account discovery, and credential extraction. Learn how to harden endpoints and monitor these techniques. Full report: research.trendmicro.com/3JCn…
New Sigma release r2025-05-21 is available for download. 🌟15 New Rules 🛡️47 Rule updates 🔬13 Rule Fixes Explore the full release -> github.com/SigmaHQ/sigma/rel… This release focused mainly on updates and tunings of older rules, with newer detections covering NimScan, AdFind, Kalambur Backdoor and more. Without forgetting, a special thanks to the many contributors that helped shape this release, specifically Milad Cheraghi, @OrOneEqualsOne, david-syk, @TheDFIRReport, Derek Armstrong, Isaac Fernandes, @frack113, Gude5, Hannes Widéen, Allan Monteiro, Jason Mull, @KoifSec, @MalGamy12, @cyb3rops, Nick Lupien, @phantinuss, RG9n, signalblur, @_swachchhanda_, Arda Büyükkaya, @X__Junior
Replying to @MsftSecIntel
There are commands that are used by both defenders and adversaries, such as `net group "domain admins" /domain`, `nltest /dclist`, or tools like AdFind. How do you handle those cases?
NEW LESSON 🚀 Dan Marr describes multiple techniques attackers use for Active Directory enumeration, with demonstrations of ADFind and Bloodhound, and a walkthrough of the artifacts they left behind.
Heh. My internal cyber incident response scripts made extensive use of AdFind some twenty years ago. It has a special place in my heart.
28 Jul 2024
Putting legit operations tools like ADFind, PuTTY, and WinSCP under the heading of "Commodity Malware" in a joint cybersecurity advisory feels sensational and irresponsible. (Did Forbes write this?! ) 😋 They might as well include Bash, PowerShell, & git! ic3.gov/Media/News/2024/2407…
List of ”Commodity malware” includes PuTTY, WinRAR, AdFind and a proxy. I kind of preferred the expression ”Living off the Lans” over designating useful admin tools and infra components as malicious per se. Maybe I am old-fashioned.
3. Attack details: The attackers used tools such as Netscan and AdFind to discover hosts and accounts within the network and collected credentials. They then used PsExec to deploy the ransomware to each host, disabled Windows Defender, and encrypted files.
Storm-0844 uses VPN clients to gain initial access, likely via valid accounts. They use open-source tools like ADFind, Rubeus, and Advanced IP Scanner for network discovery and lateral movement. They also use rclone for staging files to be exfiltrated.
DISCOVERY: The attacker performed information gathering using tools such as #NetScan and #AdFind.
3 Jul 2024
Replying to @42mayfly
Generally speaking, once a tool is developed and stable it hardly needs maintenance anymore, much like nmap and some other veteran tools, whereas many AI tools only provide a framework; after that you only need to supply samples, and users can train on their own samples. joeware.net/freetools/index.… These are the small tools from the AdFind author, and they are all very strong too.
Replying to @chrissanders88
First thing I would do is check the context of the device. 1) Are there additional alerts? 2) How did the file get onto the system? Is the user in IT or some random unknown user? 3) Were there other files out on the machine around that time? Were the results of ADfind exfil'd?
Assume you have access to whatever native digital evidence source you need, but no EDR tool. More information about Adfind: joeware.net/freetools/tools/…
Investigation Scenario 🔎 You’ve discovered the ADFind tool on a non-IT or security user’s workstation in your network. What do you look for to investigate whether an incident occurred and its extent? #InvestigationPath #DFIR #SOC
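The two threads above raise the same practical problem from both sides: the question of how to treat dual-use discovery commands such as `net group "domain admins" /domain` and `nltest /dclist`, and the investigation scenario of AdFind turning up on a non-IT workstation. The script below is an added example, not code from any of the posters or from the tools they mention. It scores constructed Windows process-creation records (Sysmon event 1 / Security 4688 style, flattened to dicts) the way a triage analyst would: AdFind is recognised by its command-line switches (`-sc trustdmp`, `-f objectcategory=...`, `-gcb`, `-subnets`, the idioms that appear in public reporting on AdFind abuse) rather than by image name, so a renamed binary still matches; dual-use built-ins add a small weight on their own; the user's role (a constructed lookup here, an HR or IdP query in practice) raises the score for non-IT users; and several discovery commands from one host/user within a short window are flagged as a burst. All hosts, user names, roles, timestamps and command lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed role directory; in production this comes from HR / the IdP.
USER_ROLES = {
    "CORP\\jdoe": "finance",
    "CORP\\adm-kim": "it",
}

# AdFind command-line idioms. Matching on arguments instead of the image name
# catches the common trick of renaming adfind.exe before dropping it.
ADFIND_ARG_PATTERNS = {
    "-sc trustdmp (trust dump)": re.compile(r"\s-sc\s+trustdmp\b", re.I),
    "-f objectcategory=... (object enumeration)": re.compile(r"\s-f\s+[\"']?\(?objectcategory=", re.I),
    "-gcb (global catalog base)": re.compile(r"\s-gcb\b", re.I),
    "-subnets (subnet enumeration)": re.compile(r"\s-subnets\b", re.I),
}

# Built-in commands that admins and intruders both run; on their own they are weak signals.
DUAL_USE_PATTERNS = {
    'net group "domain admins" /domain': re.compile(
        r"\bnet1?(?:\.exe)?\s+group\s+[\"']?domain admins[\"']?\s+/domain", re.I),
    "nltest /dclist": re.compile(r"\bnltest(?:\.exe)?\s+/dclist", re.I),
}

def score_event(ev):
    """Return (score, reasons) for one process-creation record."""
    score, reasons = 0, []
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    cmd = " " + ev["cmdline"]  # leading space so whitespace-anchored patterns match at offset 0
    adfind_hits = [name for name, rx in ADFIND_ARG_PATTERNS.items() if rx.search(cmd)]
    if image == "adfind.exe" or adfind_hits:
        score += 3
        reasons.append("AdFind usage: " + (", ".join(adfind_hits) or "binary name"))
        if adfind_hits and image != "adfind.exe":
            score += 2
            reasons.append(f"AdFind arguments under renamed binary {image}")
    for name, rx in DUAL_USE_PATTERNS.items():
        if rx.search(cmd):
            score += 1
            reasons.append(f"dual-use discovery command: {name}")
    if score:
        role = USER_ROLES.get(ev["user"], "unknown")
        if role not in ("it", "security"):
            score += 2
            reasons.append(f"user role is '{role}', not IT/security")
    return score, reasons

def triage(events, window=timedelta(minutes=30), burst_threshold=3):
    """Aggregate scored events per (host, user); flag >= burst_threshold hits inside one window."""
    by_key = defaultdict(list)
    for ev in events:
        score, reasons = score_event(ev)
        if score:
            by_key[(ev["host"], ev["user"])].append((datetime.fromisoformat(ev["time"]), score, reasons))
    findings = []
    for (host, user), hits in by_key.items():
        hits.sort(key=lambda h: h[0])
        times = [h[0] for h in hits]
        burst = any(times[i + burst_threshold - 1] - times[i] <= window
                    for i in range(len(times) - burst_threshold + 1))
        findings.append({
            "host": host, "user": user, "count": len(hits),
            "score": sum(h[1] for h in hits), "burst": burst,
            "reasons": sorted({r for h in hits for r in h[2]}),
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)

# Constructed sample records: a finance user running a discovery chain with a renamed
# AdFind, an IT admin running AdFind from a management server, and one benign event.
EVENTS = [
    {"time": "2024-07-03T10:00:12", "host": "WS-FIN-07", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c net group "domain admins" /domain'},
    {"time": "2024-07-03T10:01:40", "host": "WS-FIN-07", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\nltest.exe", "cmdline": "nltest /dclist:corp.local"},
    {"time": "2024-07-03T10:03:05", "host": "WS-FIN-07", "user": "CORP\\jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\af.exe",
     "cmdline": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\af.exe -f objectcategory=computer -csv"},
    {"time": "2024-07-03T10:04:30", "host": "WS-FIN-07", "user": "CORP\\jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\af.exe", "cmdline": "af.exe -sc trustdmp"},
    {"time": "2024-07-03T14:20:00", "host": "SRV-MGMT-01", "user": "CORP\\adm-kim",
     "image": "C:\\Tools\\adfind.exe", "cmdline": "adfind.exe -default -f (objectcategory=person) -csv"},
    {"time": "2024-07-03T10:02:00", "host": "WS-FIN-07", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe quarterly.xlsx"},
]

if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"{f['host']} {f['user']}: score={f['score']} count={f['count']} burst={f['burst']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run as-is, the finance workstation comes out first with four scored commands inside four minutes, a renamed-binary reason and a burst flag, while the admin's single AdFind run on the management server scores low and is not a burst. That ordering is the point of the dual-use question: the commands themselves are not the verdict, the combination of who ran them, from where, how densely, and whether the binary was hiding its name is.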
This. Honestly, it’s been year after year of psexec, adfind, 205 days, default creds, and beacon with EICAR strings. I love the research, it’s vital to preventing today’s reality tomorrow. But IRL victims are frequently just completely unrequited to deal with any attacker.
"The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind." thedfirreport.com/2024/04/29…
🌟New report out Monday 4/1 by @iiamaleks, @IrishD34TH, and @Miixxedup! 📷 This intrusion began with a malicious OneNote attachment and ended with ransomware. You'll see mentions of IcedID, AnyDesk, Cobalt Strike, FileZilla, AdFind and more! Subscribe⬇️ thedfirreport.com/subscribe/
🚨 CISA StopRansomware Advisory: Play Ransomware 🚨
Summary: The Play ransomware group encrypts systems and steals data, then demands ransom payments. The joint advisory released by US-CERT/CISA details their tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations defend against Play ransomware attacks.
Threat Actor: Play ransomware group
Malware: Play ransomware, SystemBC malware
Tools used: AdFind, Bloodhound, GMER, IOBit, PsExec, PowerTool, PowerShell, Cobalt Strike, Mimikatz, WinPEAS, WinRAR, WinSCP, Microsoft Nltest, Nekto / PriviCMD, Process Hacker, Plink
Target Applications and CVEs: FortiOS (CVE-2018-13379, CVE-2020-12812), Microsoft Exchange (ProxyNotShell [CVE-2022-41040, CVE-2022-41082])
Impact: Data encryption, device compromise, financial loss
IOCs (SHA-256):
453257c3494addafb39cb6815862403e827947a1e7737eb8168cd10522465deb
47c7cee3d76106279c4c28ad1de3c833c1ba0a2ec56b0150586c7e8480ccae57
75404543de25513b376f097ceb383e8efb9c9b95da8945fd4aa37c7b2f226212
7a42f96599df8090cf89d6e3ce4316d24c6c00e499c8557a2e09d61c00c11986
7a6df63d883bbccb315986c2cfb76570335abf84fafbefce047d126b32234af8
7dea671be77a2ca5772b86cf8831b02bff0567bce6a3ae023825aa40354f8aca
c59f3c8d61d940b56436c14bc148c1fe98862921b8f7bad97fbc96b31d71193c
e652051fe47d784f6f85dc00adca1c15a8c7a40f1e5772e6a95281d8bf3d5c74
e8d5ad0bf292c42a9185bb1251c7e763d16614c180071b01da742972999b95da
MITRE TTPs: T1078, T1190, T1133, TA0007, T1016, T1518.001, T1562.001, T1070.001, T1570, T1484.001, T1560.001, T1048, T1486, T1657
Action: Threat Management/SOC professionals shall use the listed IOCs and TTPs to detect the subjected campaign activities and also to perform proactive Threat Hunting.
Reference: This writing is published based on the joint research advisory released by the US-CERT/CISA research team.
--------------------------------------------------------------------------------------- 🚀Join us on our mission to secure the digital world and make cyber defense affordable to everyone! 🌐 Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights. #Play #Ransomware #CISA #StopRansomware #CyberAttacks 🛡️🔒