- An actor logged into the honeypot via RDP and installed XMRig with multiple persistence mechanisms. The actor used icacls and attrib to lock down directories and files to make detection and eradication difficult. https://thedfirreport.com/2020/04/20/sqlserver-or-the-miner-in-the-basement/ 3 comments netsec
Linked pages
Related searches:
Search whole site: site:thedfirreport.com
Search title: Sqlserver, or the Miner in the Basement - The DFIR Report
See how to search.