[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feujT2cCt6ud8k5rV_WJmRBOEHyyFlK-WGXZK6WlAe-w":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":23,"category":24,"article_tags":27},"f7aa9c65-da2e-4f8c-bff7-eda185a37aa7","\"On the 18th day of the intrusion, during the second round of threat actor activity, the threat a...","on-the-18th-day-of-the-intrusion-during-the-second-round-of-threat-actor-activit-c46dde","\"On the 18th day of the intrusion, during the second round of threat actor activity, the threat actor moved to final objectives involving the deployment of ransomware across the environment. Using their injected Winlogon process...\n\nReport: https:\u002F\u002Ft.co\u002FMdbthjk2PA https:\u002F\u002Ft.co\u002FYxyxWKVsQP","A threat actor conducted a multi-stage intrusion culminating in ransomware deployment across an affected environment. The threat actor used an injected Winlogon process to carry out these final objectives. 
The ransomware was deployed on the 18th day of the intrusion, during a second round of threat actor activity.","Threat actor deploys ransomware after 18-day intrusion using injected Winlogon process.",null,"https:\u002F\u002Fx.com\u002FTheDFIRReport\u002Fstatus\u002F2062500900514533799","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJ95o3JXIAAbuQ_.jpg","2026-06-04T11:45:08+00:00","2026-06-04T12:00:14.499756+00:00",7,[18,21],{"name":19,"type":20},"Winlogon","technology",{"name":22,"type":20},"Process Injection","7d8b5ab8-ea0b-4ced-ae97-ec251b86993a",{"id":23,"icon":11,"name":25,"slug":26},"Ransomware","ransomware",[28,33,38],{"category":29},{"id":30,"icon":11,"name":31,"slug":32},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":34},{"id":35,"icon":11,"name":36,"slug":37},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[44,48],{"type":45,"value":46,"context":47},"mitre_attack","T1547.008","Injected Winlogon process used by the threat actor. Mapping needs review: T1547.008 is ATT&CK's LSASS Driver sub-technique, while process injection is T1055 and Winlogon Helper DLL is T1547.004",{"type":45,"value":49,"context":50},"T1561.002","Ransomware deployment across environment. Mapping needs review: T1561.002 is ATT&CK's Disk Structure Wipe sub-technique, while ransomware encryption is tracked as T1486 (Data Encrypted for Impact)"]