CIRCL (Twitter feed) · @circl
117 followers · 607 posts · Server mastodon.opencloud.lu

I recently ran a sample and the attackers went from to in just over two hours. The attackers ran within 30 minutes and confirmed hands-on activity on a DC within 60 minutes. @MISPProject @circl_lu
wilbursecurity.com/2020/03/tri …

#IOCs #nsm #dfir #cobaltstrike #ryuk #TrickBot

Last updated 5 years ago

CIRCL - Old account · @circl
117 followers · 607 posts · Server mastodon.opencloud.lu

2019-12-28: Loader -> '1079' Core Bot
Cert: [LIT-DAN UKIS UAB]
Crypter
CryptStringToBinaryA -> malloc -> window (hide) -> memcpy -> resource -> VirtualAllocExNuma -> Crypto Key Decrypt
Same '1079'

twitter.com/VK_Intel/status/12 …
h/t @malwrhunterteam pic.twitter.com/Ow9ZZIktEr

#Sectigo #malware #TrickBot

Last updated 5 years ago
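The crypter chain in the post (CryptStringToBinaryA -> malloc -> hide window -> memcpy -> resource -> VirtualAllocExNuma -> key decrypt) reads naturally as an ordered behavioural signature for a sandbox or API-monitor trace. The block below is an added example, not code from the original post, from VK_Intel or from CIRCL/MISP: it matches that chain as an in-order subsequence over a trace of Win32 calls. The trace format (a list of `Call(api, args)` records), the two traces, the API alternatives accepted for each stage (for instance CryptDecrypt/CryptImportKey for the post's "Crypto Key Decrypt" step), and the `classify` thresholds are all assumptions made for the example; the Win32 constants (SW_HIDE, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE, the -1 current-process pseudo handle) are documented values.

```python
"""Ordered-chain behavioural signature for the TrickBot crypter described above.

Added example, not code from the original post. Assumes a sandbox trace already
reduced to an ordered list of Call(api, args); both traces below are constructed.
"""
from dataclasses import dataclass

# Documented Win32 values used in the constructed trace.
SW_HIDE = 0
CRYPT_STRING_BASE64 = 0x1
MEM_COMMIT_RESERVE = 0x3000          # MEM_COMMIT | MEM_RESERVE
PAGE_EXECUTE_READWRITE = 0x40
CURRENT_PROCESS = -1                  # GetCurrentProcess() pseudo handle


@dataclass(frozen=True)
class Call:
    api: str
    args: tuple = ()


# Stages of the chain from the post, in order. Each stage is satisfied by any API
# in its set; the alternatives beyond the post's own names are assumptions.
CHAIN = [
    ("decode",   {"CryptStringToBinaryA", "CryptStringToBinaryW"}),
    ("alloc",    {"malloc", "HeapAlloc"}),
    ("hide",     {"ShowWindow"}),                  # only counts with SW_HIDE
    ("copy",     {"memcpy", "RtlMoveMemory"}),
    ("resource", {"FindResourceA", "FindResourceW", "LoadResource", "LockResource"}),
    ("numa",     {"VirtualAllocExNuma"}),
    ("decrypt",  {"CryptDecrypt", "CryptImportKey"}),   # assumed for "Crypto Key Decrypt"
]


def match_chain(trace, chain=CHAIN):
    """Greedy in-order match of `chain` against `trace`.

    Returns (stage_names_matched, trace_indices). A stage that never appears is
    skipped and the search for the next stage continues from the same position,
    so partial chains are reported rather than rejected outright.
    """
    matched, idxs, pos = [], [], 0
    for stage, apis in chain:
        for i in range(pos, len(trace)):
            c = trace[i]
            if c.api not in apis:
                continue
            if stage == "hide" and not (len(c.args) > 1 and c.args[1] == SW_HIDE):
                continue
            matched.append(stage)
            idxs.append(i)
            pos = i + 1
            break
    return matched, idxs


def numa_self_rwx(trace):
    """True if VirtualAllocExNuma allocates RWX memory in the current process,
    i.e. the self-injection pattern rather than a legitimate NUMA-aware alloc."""
    for c in trace:
        if c.api == "VirtualAllocExNuma" and len(c.args) >= 5:
            h_process, _, _, _, protect = c.args[:5]
            if h_process == CURRENT_PROCESS and protect == PAGE_EXECUTE_READWRITE:
                return True
    return False


def classify(trace, min_stages=5):
    """Verdict: 'crypter_chain' needs most stages plus the distinctive ones
    (decode + numa + decrypt); a few stages alone is only 'partial'."""
    stages, _ = match_chain(trace)
    if len(stages) >= min_stages and {"decode", "numa", "decrypt"} <= set(stages):
        return "crypter_chain"
    if len(stages) >= 3:
        return "partial"
    return "clean"


# Constructed trace modelled on the chain in the post (addresses/handles invented).
SAMPLE_TRACE = [
    Call("GetModuleHandleA", ("kernel32.dll",)),
    Call("CryptStringToBinaryA", ("<base64 blob>", 0, CRYPT_STRING_BASE64)),
    Call("malloc", (0x2A000,)),
    Call("ShowWindow", (0x50C8, SW_HIDE)),
    Call("memcpy", (0x4A0000, 0x3F0000, 0x2A000)),
    Call("FindResourceA", (0, 101, 10)),
    Call("LockResource", (0x620000,)),
    Call("VirtualAllocExNuma", (CURRENT_PROCESS, 0, 0x2A000, MEM_COMMIT_RESERVE,
                                PAGE_EXECUTE_READWRITE, 0)),
    Call("CryptDecrypt", (0x1D4, 0, 1, 0, 0x4A0000, 0x2A000)),
]

# Constructed benign GUI-style trace: allocates, shows (not hides) a window, copies.
BENIGN_TRACE = [
    Call("malloc", (4096,)),
    Call("ShowWindow", (0x10, 5)),        # SW_SHOW
    Call("memcpy", (0x10000, 0x20000, 4096)),
]

if __name__ == "__main__":
    for name, t in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, classify(t), match_chain(t)[0], "self-RWX:", numa_self_rwx(t))
```

The ordered match is what separates this from a plain import-table check: many legitimate binaries import CryptStringToBinaryA or ShowWindow, but few decode a blob, hide their window, pull a resource and then allocate RWX memory in themselves via VirtualAllocExNuma in that order. In practice you would feed it the API log from your sandbox of choice and tune `min_stages` against your own benign corpus.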