The Flow: A fake "Verify You Are Human" prompt leads to Node.js C2 (Interlock RAT), followed by hands-on-keyboard activity where they use vol.exe from \AppData\Local\Temp\ to harvest credentials.

Defender Tip: Monitor for vol.exe or python.exe interacting with memory dump files in user temp folders. If you see Hashdump in your logs and it isn't your IR team... you have a live intrusion.

Want more info? Get in touch!

#CyberSecurity #Ransomware #BlueTeam #DFIR #Interlock #Infosec
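
One way to turn the defender tip above into a triage check, as an added example that is not part of the original post. It assumes process-creation events already parsed into dicts with Sysmon-style `Image`, `CommandLine` and `User` fields, a hypothetical allowlist of IR accounts, and constructed sample events.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumption: process-creation records (Sysmon Event ID 1 style) already
# parsed into dicts with Image, CommandLine and User keys.
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
TEMP_DUMP = re.compile(
    r'\\users\\[^\\]+\\appdata\\local\\temp\\[^"\s]*\.(?:dmp|raw|mem|vmem)\b',
    re.I)
TOOLS = {"vol.exe", "python.exe"}

def triage(event, ir_accounts=frozenset()):
    """Return the reasons an event matches the defender tip, or []."""
    if event.get("User", "").lower() in ir_accounts:
        return []  # hypothetical allowlist of IR analyst accounts
    image, cmd = event.get("Image", ""), event.get("CommandLine", "")
    name = basename(image).lower()
    reasons = []
    if name == "vol.exe" and USER_TEMP.search(image):
        reasons.append("vol.exe run from a user temp folder")
    if name in TOOLS and TEMP_DUMP.search(cmd):
        reasons.append("memory dump in a user temp folder on command line")
    if name in TOOLS and "hashdump" in cmd.lower():
        reasons.append("Hashdump invoked")
    return reasons

# Constructed sample events, not taken from a real intrusion.
SAMPLE_EVENTS = [
    {"User": r"CORP\jdoe",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\vol.exe",
     "CommandLine": r"vol.exe -f C:\Users\jdoe\AppData\Local\Temp\mem.raw "
                    r"windows.hashdump.Hashdump"},
    {"User": r"CORP\ir-analyst",
     "Image": r"C:\Python311\python.exe",
     "CommandLine": r"python.exe vol.py -f D:\cases\host1.dmp windows.hashdump"},
    {"User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\jdoe\AppData\Local\Temp\notes.raw"},
]

def scan(events, ir_accounts=frozenset()):
    """Return (user, reasons) for every event with at least one reason."""
    hits = [(e["User"], triage(e, ir_accounts)) for e in events]
    return [(user, why) for user, why in hits if why]

if __name__ == "__main__":
    for user, why in scan(SAMPLE_EVENTS, {r"corp\ir-analyst"}):
        print(user, "->", "; ".join(why))
```

The dump-path pattern does not handle quoted paths containing spaces, and the extension list is a starting set to adjust for your environment.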

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January.

Security Affairs
[INTERLOCK] - Ransomware Victim: Delta Manufacturing - RedPacket Security

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating

RedPacket Security
New post from #Interlock : Delta Manufacturing
More at : https://www.ransomlook.io/group/Interlock #Ransomware
interlock details

Open, searchable ransomware group intelligence with live stats, posts and an API.

AI-generated Slopoly malware used in Interlock ransomware attack

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack.

BleepingComputer
[INTERLOCK] - Ransomware Victim: Elliott-Lewis - RedPacket Security

RedPacket Security

Wagon Mound schools in New Mexico shut network after virus

Wagon Mound Public Schools, N.M., took computers offline after a virus hit its network. A ransomware group later listed the district as a victim.

DysruptionHub
[INTERLOCK] - Ransomware Victim: Wagon Mound Public Schools - RedPacket Security

RedPacket Security
New post from #Interlock : Wagon Mound Public Schools
More at : https://www.ransomlook.io/group/Interlock #Ransomware