The DFIR Report
@TheDFIRReport
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
Services: https://t.co/XW613EKt2w
03-04-2020 01:33:43
1,3K Tweets
52,7K Followers
0 Following
Interesting #CobaltStrike server:
➡️canarapay-f5agf9ccgteqbpg2[.]z03[.]azurefd[.]net
➡️Using Azure Front Door
➡️Staged/backend on Digital Ocean (AS14061)
➡️URIs: /safebrowsing/
➡️Spawn: WerFault.exe
More info available in our AllIntel service @ thedfirreport.com/services/threa…