The DFIR Report

@TheDFIRReport

Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

Services: https://t.co/XW613EKt2w

03-04-2020 01:33:43

1,0K Tweets

43,9K Followers

0 Following


Another coin miner (XMRig) dropped in the honeypot...

rig2.exe

-Attrib used to hide C:\Windows\Fonts\Windows
-Cacls used to restrict folder access to System
-Scheduled Tasks used for persistence

13/71
virustotal.com/gui/file/eb45d…

app.any.run/tasks/cb70da65…
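
The three behaviours listed in the post above, turned into a correlation check over process command lines that flags a folder when several of them target it. This is an added example, not part of the original post or of The DFIR Report's tooling; the command lines, the task name and the exact attrib/cacls/schtasks switches are constructed assumptions, not values taken from the sample.

```python
import ntpath
import re
from collections import defaultdict

# Constructed process-creation command lines, not taken from the sample's telemetry.
SAMPLE_EVENTS = [
    r'attrib +s +h "C:\Windows\Fonts\Windows"',
    r'cacls "C:\Windows\Fonts\Windows" /t /g SYSTEM:F',
    r'schtasks /create /tn "ExampleTask" /tr "C:\Windows\Fonts\Windows\rig2.exe" /sc onstart /ru SYSTEM',
    r'attrib -r C:\Users\alice\notes.txt',
    r'schtasks /query /fo LIST',
]

# Quoted or unquoted Windows path inside a command line.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')

# One rule per behaviour named in the post.
RULES = {
    "hidden_with_attrib": re.compile(r'^\s*attrib(\.exe)?\s.*\+h\b', re.I),
    "acl_limited_to_system": re.compile(r'^\s*cacls(\.exe)?\s.*/[gp]\s+system:', re.I),
    "scheduled_task_created": re.compile(r'^\s*schtasks(\.exe)?\s.*/create\b', re.I),
}

def target_dir(cmdline):
    """Return the lower-cased folder a command acts on, or None."""
    m = PATH_RE.search(cmdline)
    if not m:
        return None
    path = (m.group(1) or m.group(2)).rstrip("\\").lower()
    # A path to an executable (the task action) is mapped to its folder.
    return ntpath.dirname(path) if path.endswith(".exe") else path

def correlate(cmdlines):
    """Map each targeted folder to the set of behaviours seen against it."""
    hits = defaultdict(set)
    for cmd in cmdlines:
        for name, rule in RULES.items():
            folder = target_dir(cmd) if rule.search(cmd) else None
            if folder:
                hits[folder].add(name)
    return dict(hits)

def suspicious_folders(cmdlines, threshold=2):
    """Folders hit by at least `threshold` distinct behaviours."""
    return sorted(f for f, t in correlate(cmdlines).items() if len(t) >= threshold)

if __name__ == "__main__":
    for folder, seen in correlate(SAMPLE_EVENTS).items():
        print(folder, sorted(seen))
```

Requiring two or more behaviours against the same folder keeps a lone `attrib +h` or a routine task creation from raising an alert on its own.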
