  • Stars: 174
  • Rank 217,787 (Top 5 %)
  • Language: C
  • License: Other
  • Created about 3 years ago
  • Updated over 1 year ago


Repository Details

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday, Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised to deploy ransomware in a supply chain attack. A large number of organisations were impacted; the Coop supermarket chain in Sweden, for example, temporarily shut 800 stores.

We have provided a number of resources on our GitHub that may help Digital Forensics and Incident Response experts responding to these attacks over the weekend:

  • Forensic Analysis and Reporting
  • Malware Samples
  • Decompiled Malware Samples (via retdec)
  • PCAP of network traffic capture from an infected system
  • Indicators of Compromise and Yara Rules
  • Configuration and Ransomware Note
  • Full disk captures from an infected system (See Releases)

More Repositories

1. varc (Python, 175 stars): Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
2. rip_raw (Python, 130 stars): Rip Raw is a small tool to analyse the memory of compromised Linux systems.
3. masked-ai (Python, 67 stars): Masked Python SDK wrapper for the OpenAI API. Use public LLM APIs securely.
4. CloudAndContainerCompromiseSimulator (Shell, 28 stars): Simulates a compromise in a cloud and container environment.
5. AWS_EKS_Cluster_Forensics (22 stars): AWS EKS Cluster Forensics.
6. MalwareAnalysis (C#, 11 stars): MalwareAnalysis.
7. DFIR_Resources_Whispergate (C#, 9 stars): Resources for DFIR Professionals Responding to the Whispergate.
8. Awesome-Fargate-ECS-EKS-Security-Tools-and-Guides (7 stars): Awesome Fargate & ECS & EKS Security Tools and Guides.
9. DFIR_Resources_Industroyer2 (YARA, 7 stars): IoCs and YARA rules for Industroyer2.
10. guardduty-lambda-cado (Python, 4 stars): Go straight from GuardDuty alerts to Automated Investigations in AWS with Cado Response.
11. product-help (JavaScript, 3 stars): Product help and user guides.
12. hellokitty-ransomware (C, 3 stars): Decoded HelloKitty Ransomware.
13. ctf-lambda-containers (2 stars).
14. Deployment-Templates (HCL, 2 stars): Contains a copy of the Terraform deployment templates for Cado Response.
15. cado-poc-eks-cluster (Shell, 2 stars): Easily create a simple EKS cluster for testing EKS acquisition in the Cado platform.
16. Engineering-Career-Ladder (1 star): The Engineering Career Ladder for Cado Security.
17. log4shell (1 star): Content to help the community responding to the Log4j vulnerability Log4Shell, CVE-2021-44228.