MISP Project - Old account · @MISPProject
226 followers · 517 posts · Server mastodon.opencloud.luOngoing #Ursnif campaign loads DLL that claims to be txt file into memory. Follow on activity from both #tvrat and #cobaltstrike
C2 8.208.90.2, 47.241.106.208, various domains usually starting with f1[.]pipen[.]at
IOC's in @MISPProject Priv.
https://thedfirreport.com/2020/04/24/ursnif-via-lolbins/ …pic.twitter.com/0OoRNLWZBO
#dfir #cobaltstrike #tvrat #Ursnif
Last updated 5 years ago