profile-img
The DFIR Report

@TheDFIRReport

Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

Detections: https://t.co/MtC3iGd1km | Services: https://t.co/XW613EKt2w |

calendar_today03-04-2020 01:33:43

935 Tweets

39,8K Followers

0 Following

The DFIR Report(@TheDFIRReport) 's Twitter Profile Photo

An attacker logged into the honeypot from 178.239.173[.]172. They used Defender Control to turn off Defender and Mimikatz to dump credentials. The attacker then used Network Scanner followed shortly by execution.

thedfirreport.com/2020/04/14/dha…

An attacker logged into the honeypot from 178.239.173[.]172. They used Defender Control to turn off Defender and Mimikatz to dump credentials. The attacker then used Network Scanner followed shortly by #dharma #ransomware execution. thedfirreport.com/2020/04/14/dha…
account_circle