The DFIR Report
@TheDFIRReport
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
Detections: https://t.co/MtC3iGd1km | Services: https://t.co/XW613EKt2w
03-04-2020 01:33:43
Ongoing #Ursnif campaign loads DLL that claims to be txt file into memory. Follow-on activity from both #tvrat and #cobaltstrike
C2 8.208.90.2, 47.241.106.208, various domains usually starting with f1[.]pipen[.]at
IOCs in MISP (@[email protected]) Priv.
#DFIR
thedfirreport.com/2020/04/24/urs…