{"uuid": "f7d15627-945b-4597-a857-708beaa50492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/1946", "content": "#DFIR\nThe DFIR Report - Ryuk in 5 Hours:\n- Zerologon (CVE-2020-1472) exploited 2 hours after initial execution of Bazar;\n- Cobalt Strike & Bazar for C2;\n- AdFind, Net, Ping, Nltest & PowerShell for Discovery;\n- WMI & RDP for Execution;\n- Ryuk ransomware for Impact.\nhttps://thedfirreport.com/2020/10/18/ryuk-in-5-hours", "creation_timestamp": "2022-11-27T19:23:41.000000Z"}