The DFIR Report

@TheDFIRReport

Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

Detections: https://t.co/MtC3iGd1km | Services: https://t.co/XW613EKt2w |

03-04-2020 01:33:43

961 Tweets

40,3K Followers

0 Following

An actor logged into the honeypot via RDP and installed XMRig with multiple persistence mechanisms. The actor used icacls and attrib to lock down directories and files to make detection and eradication difficult. #infosec #dfir #iocs thedfirreport.com/2020/04/20/sql…