#rcintel search results

The #BumbleBee dropper/downloader continues to change. We’re now seeing odbcconf.exe load the malicious DLL (rather than Rundll32). While odbcconf.exe can execute DLL files, we don’t commonly observe it doing so in the wild, so this is an interesting change! #RCIntel

Detecting precursor activity is a great way to diminish or prevent a ransomware outbreak. One behavior we’ve encountered in numerous IR engagements involves adversaries renaming a popular file sharing utility, and here’s how you can detect it. #RCintel | #incidentresponse 1/6

You might see that this Appendix to the #RCintel blog on Yellow Cockatoo looks suspiciously like what I talk about...NOT A COINCIDENCE! 😉 I try to practice what I preach! redcanary.com/blog/yellow-co…

I know, it's Friday...we won't be offended if you wait til Monday to read this. 🙂 Our team noticed some similar activity across several months, so we decided to cluster it and name it Yellow Cockatoo. Lots of detection opportunities! #RCintel

NEW: "Yellow Cockatoo" is Red Canary Intel's name for a cluster of activity executing an in-memory .NET RAT on victim machines across a wide range of industries. Detection opportunities abound! bit.ly/3oqFEzG

TA551 surged in prevalence last month, overtaking Cobalt Strike as the most prevalent threat #RCIntel has observed in 2021 so far. Read more in the first edition of our monthly Intelligence Insights. redcanary.com/blog/intel-ins…

The combination of low guest counts and soaring operating costs have also resulted in eight out of 10 foodservice companies indicating that their profitability in Q1 2023 remains below Q1 2019. Learn more: bit.ly/42bBwb7 #research #RCIntel

This month's insights from #RCIntel feature Yellow Cockatoo soaring to the top of our list, new tactics from ZLoader, and the rise of BlackByte ransomware. Detection opportunities abound! redcanary.com/blog/intellige…

SocGholish falls from first place, Yellow Cockatoo rebounds, and Qbot campaigns leverage Windows Installer packages. All of this and more in the latest edition of Intelligence Insights from #RCIntel redcanary.com/blog/intellige…

There's an overwhelming amount of information on Exchange server exploitation and web shell activity. Based on our observations, here's some simple guidance on remediation, detection, and categorizing activity clusters: bit.ly/2OGNkAY #RCintel

With help from our partners @KrollWire, #RCIntel analyzed a BlackByte ransomware sample and uncovered details about its initial access, post-exploitation, and exfiltration phases prior to encryption. redcanary.com/blog/blackbyte…

Just in from #RCIntel: @techieStef and @LaurenLeigh522 analyze Raspberry Robin, a new activity cluster involving a worm spread by external drives. redcanary.com/blog/raspberry…

Last month, #RCIntel saw a compromised NPM package distributing a cryptominer, TR delivering SquirrelWaffle, and a rise in Gamarue. Get detection opportunities and more in the latest edition of Intelligence Insights. redcanary.com/blog/intellige…

New malware analysis from @ForensicITGuy: #RCIntel recently analyzed a sample of Cryptbot and traced it back to a fake KMSPico installer. cstu.io/c2700e #Cybersecurity

#RCIntel wanted to provide some detection opportunities for the community based on this information to empower defenders to respond to this activity in near real-time.

Raspberry Robin leaves tracks, Gootloader returns, and Qbot adopts new tradecraft. Read about all of this and more in this month's Intelligence Insights from #RCIntel redcanary.com/blog/intellige…

New malware analysis from @ForensicITGuy: #RCIntel recently analyzed a sample of Cryptbot and traced it back to a fake KMSPico installer. Here's what to look out for. redcanary.com/blog/kmspico-c…

SocGholish reclaims the top spot, Redline activity is on the rise, and detections associated with Raspberry Robin increase...all of this and more in the latest edition of Intelligence insights from #RCIntel. redcanary.com/blog/intellige…

EDIT - @ signed where we should have hash-tagged. #RCintel not @ rcintel. We apologize for the error.

We continue our countdown of the Top 5 most read Red Canary articles of 2021 -- #2 In March, #RCintel tracked multiple activity clusters exploiting vulnerable Microsoft Exchange servers to drop web shells. redcanary.com/blog/microsoft…

Red Canary detected an increase of overall threat volume last month, with Impacket and Mimikatz appearing in customer environments most often. Read more in the latest edition of Intelligence Insights from #RCIntel: redcanary.com/blog/intellige…

Linked article (redcanary.com): Intelligence Insights: April 2022. SocGholish falls from first place, Yellow Cockatoo rebounds in March, and Qbot campaigns leverage Windows Installer packages.

Mimikatz ascends the threat ranks, Emotet increases phishing campaigns, and the new Coral Crane activity cluster emerges...all this and more in this month's insights from #RCIntel. redcanary.com/blog/intellige…

BOLO for increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware. If you see Qbot & recon/Cobalt Strike activity, move fast because a ransomware payload may be imminent. Behavioral analytics & detection opportunities in this thread. #RCintel #qakbot

We're seeing a lot of #TA551 emails this Monday morning. This appears to be a highly successful, widespread campaign. #RCintel

We’ve detected suspicious activity in multiple environments today, and, while we haven’t yet observed a payload, we’re concerned the activity may be the result of Exchange Server compromise. 1/7 #RCintel

Happy Friday! We're seeing a bunch of #TA551 emails today, so wanted to share. The emails come in under the attachment name "request[.]zip", which contains a maldoc named similarly to "<word>,02.26.2021.doc" (the format varies, but includes a word and date). #RCintel

We sat down with @likethecoins, director of intelligence at Red Canary, to chat about the Microsoft Exchange activity happening and share what we’re seeing. Check out what she had to say in the thread. #RCintel

Seeing some interesting #Gootkit activity of late, with new tradecraft deviating slightly from historical observations. This thread includes descriptions of behavioral analytics that might offer security teams opportunities for detection. #RCintel