Sqlserver, or the Miner in the Basement - The DFIR Report - discu.eu

Reddit

An actor logged into the honeypot via RDP and installed XMRig with multiple persistence mechanisms. The actor used icacls and attrib to lock down directories and files to make detection and eradication difficult. https://thedfirreport.com/2020/04/20/sqlserver-or-the-miner-in-the-basement/ 3 comments 21/4/2020 netsec

Linked pages

NSSM - the Non-Sucking Service Manager https://nssm.cc/ 10 comments

Related searches:

Search whole site: site:thedfirreport.com

Search title: Sqlserver, or the Miner in the Basement - The DFIR Report

See how to search.

Submit link to: