4ensiX

I noticed that for the ones I labelled FP, I selected FP but the display shows TP.

List of articles for the month starting 2022-04-01

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 16

Details playbook Analyze Threat Intel Data URL https[:]//pssd-ltdgroup[.]com/ Domain pssd-ltdgroup[.]com 5.188.0.251 Interaction with TI data Log Endpoint Containment Add Artifacts End Details EventID: 16 Event Time: Sept. 20, 2020, 10:54 …

LetsDefend level 1 alert SOC106 - Found Suspicious File - TI Data event-id 17

Details playbook Check if the malware is quarantined/cleaned Analyze Malware Add Artifacts End Details EventID: 17 Event Time: Sept. 22, 2020, 11:10 a.m. Rule: SOC106 - Found Suspicious File - TI Data Level: Security Analyst Source Address…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 18

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Sender address cashbank[.]com 172.82.128.241 mail Attachments Check If Mail Delivered to User? Check If Someone Opened the Malicious File/URL? Add Artifacts…

LetsDefend level 1 alert SOC107 - Privilege Escalation Detected event-id 19

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware creditcard -> 27e56f0f4bbb933a9ef25e0e0c2a4aaae578bdc2623e6bcdf664834e4ce60c9d Check If Someone Requested the C2 Add Artifacts End Details…

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 20

Details playbook Analyze Threat Intel Data https[:]//raw.githubusercontent[.]com/django/django/master/setup.py 151.101.112.133 Add Artifacts End Details EventID: 20 Event Time: Oct. 19, 2020, 9:54 p.m. Rule: SOC105 - Requested T.I. URL add…

LetsDefend level 1 alert SOC104 - Malware Detected event-id 21

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware F46B0C39FCFDF4C0426C9276A2BB48C6 Check If Someone Requested the C2 Containment Add Artifacts End Details EventID: 21 Event Time: Oct. 20, …

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 22

Details playbook Search Log Analyze URL Address Destination IP 35.189.10.17 Suspicious URL: http[:]//stylefix[.]co/guillotine-cross/CTRNOQ/ Has Anyone Accessed IP/URL/Domain? Containment Add Artifacts End Details EventID: 22 Event Time: Oct.…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 24

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 1ceda3ccc4e450088204e23409904fa8 Check If Mail Delivered to User? Add Artifacts End Details EventID: 24 Event Time: Oct. 25, 2020, 9:32 p.m. Ru…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 25

Details Source 157.230.109.166 playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 5a3de19f198269947bb509152678b7d2 Check If Mail Delivered to User? Add Artifacts End Details EventID: 25 Event Time: Oct.…

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 26

Details playbook Analyze URL Address 217.8.117.7 http[:]//jamesrlongacre.ac[.]ug/ac.exe User Agent: Firewall Test - Dont Block <- ???? Has Anyone Accessed IP/URL/Domain? Add Artifacts End Details EventID: 26 Event Time: Oct. 29, 2020, 7:05…