The DFIR Report

@TheDFIRReport

Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

Detections: https://t.co/MtC3iGd1km | Services: https://t.co/XW613EKt2w

03-04-2020 01:33:43

960 Tweets

40,3K Followers

0 Following

Another RDP brute force ransomware strikes again, this time, Snatch Team!

-Lateral movement via RDP
-C2 via Meterpreter/RDP Proxy via Tor
-Persistence via Scheduled Tasks
-Domain ransomed in less than 5 hours

#infosec #malware @MISPProject

thedfirreport.com/2020/06/21/sna…

@keydet89 @MISPProject We didn't see Defender Control during this intrusion and we didn't see any commands run or reg keys created around that time, which leads us to believe it was manually turned off but can't confirm. Here's the log