4ensiX

I noticed that for the one I had called FP, I had selected FP but the display showed TP.

Articles for the one-month period starting 2022-03-01

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 27

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Sender IP 146.56.209.252 Sender Domain zol.co[.]zw Mail URL link: https[:]//hredoybangladesh[.]com/content/docs/wvoiha4vd1aqty/ hredoybangladesh[.]com Chec…

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 28

Details playbook Analyze Threat Intel Data http[:]//115.99.150.132:56841/Mozi.m Download file Mozi.m Interaction with TI data Log search Add Artifacts End Details EventID: 28 Event Time: Oct. 29, 2020, 7:34 p.m. Rule: SOC105 - Requested T.…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 29

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Check If Mail Delivered to User? Add Artifacts End Details EventID: 29 Event Time: Oct. 29, 2020, 7:43 p.m. Rule: SOC101 - Phishing Mail Detected Level: Se…

BTLO Challenge Suspicious USB Stick(Retired Challenge) write up

BTLO Challenge Suspicious USB Stick(Retired Challenge) Scenario Challenge Submission 1. What file is the autorun.inf running? (3 points) 2. Does the pdf file pass virustotal scan? (No malicious results returned) (2 points) 3. Does the file…

BTLO Challenge Memory Analysis - Ransomware(Retired Challenge) write up

I have started using BTLO. This service lets you learn practical Blue Team (defensive) skills by working through prepared files and scenarios. It has Investigations, where an environment is provided for you, and Challenges, where you are given files to analyze. Under the terms of service, Retired…

LetsDefend level 1 alert SOC104 - Malware Detected event-id 31

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware cdde99520664ac313d43964620019c61 Endpoint - JohnComputer Process History Logsearch Check If Someone Requested the C2 Containment Add Artif…

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 32

Details playbook Search Log Analyze URL Address https[:]//encrypted-tbn0.gstatic[.]com/images?q=tbn:ANd9GcSjESkzn2LUxELhnqZZWBbmGwtbqfFsaemB9w&usqp=CAU encrypted-tbn0.gstatic[.]com 172.217.17.174 Add Artifacts End Details EventID: 32 Event…

LetsDefend level 1 alert SOC104 - Malware Detected event-id 36

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware f83fb9ce6a83da58b20685c1d7e1e546 Log Search 92.63.8.47 Check If Someone Requested the C2 Containment Add Artifacts End Details EventID: 36…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 34

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment http[:]//bit.ly/3ecXem52 netflix-payments.com 112.85.42.180 Check If Mail Delivered to User? Check If Someone Opened the Malicios File/URL? Add Artifacts E…