The DFIR Report on Twitter: "A Truly Graceful Wipe Out ➡️Initial Access: Email > TDS > Truebot download ➡️Credentials: LSASS & Registry Dump ➡️Persistence: Scheduled Task ➡️C2: Truebot, FlawedGrace, Cobalt Strike ➡️Exfiltration: FlawedGrace ➡️Impact: MBR Killer https://t.co/qcAYmPmSPB 1/X" / Twitter
https://twitter.com/TheDFIRReport/status/1668219986962161667