The DFIR Report (@TheDFIRReport )

The DFIR Report

Bio real intrusions by real attackers, the truth behind the intrusion
Tweets 23
Followers 588
Following 18
Account created 03-04-2020 01:33:43
ID 1245886895458078722

Twitter Web App : An actor logged into the honeypot via RDP and installed XMRig with multiple persistence mechanisms. The actor used icacls and attrib to lock down directories and files to make detection and eradication difficult. #infosec #dfir #iocs

thedfirreport.com/2020/04/20/sql…