#HappyMonday everyone and it's always a good start when the new The DFIR Report drops! This one includes #Truebot, #CobaltStrike, and ends in data exfiltration and the deployment of the #MBRKiller. Enjoy and Happy Hunting!

Link in the comments!

***I am going to leave one of the MITRE ATT&CK entries blank. I would like to see if any of you who see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!***

TA0001 - Initial Access
T1566.002 - Phishing: Spearphishing Link

TA0002 - Execution
T1053.005 - Scheduled Task/Job: Scheduled Task
T1204.002 - User Execution: Malicious File

TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078.003 - Valid Accounts: Local Accounts

TA0008 - Lateral Movement
[Here is your chance to fill in the blanks! Enjoy!]

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

#MBRKiller 7B012B236D742E1C74E354B4856E0DD5
Zakaz #MBRKiller CD1EDE7FF1E3F936C9AD7C26DC022AC6
PDB path: D:\С++ Проекти\Virus Zakaz\Release\Virus Zakaz.pdb