LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 22

LetsDefend

Details playbook Search Log Analyze URL Address アクセス先ip 35.189.10.17 Suspicious URL: http[:]//stylefix[.]co/guillotine-cross/CTRNOQ/ Has Anyone Accessed IP/URL/Domain? Containment Add Artifacts End Details EventID: 22 Event Time: Oct.…

#LetsDefend #Emotet #malware

2022-04-03

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 24

LetsDefend

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 1ceda3ccc4e450088204e23409904fa8 Check If Mail Delivered to User? Add Artifacts End Details EventID: 24 Event Time: Oct. 25, 2020, 9:32 p.m. Ru…

#LetsDefend #Emotet #malware #エモテット #マルウェア

2022-04-03

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 25

LetsDefend

Details 送信元 157.230.109.166 playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 5a3de19f198269947bb509152678b7d2 Check If Mail Delivered to User? Add Artifacts End Details EventID: 25 Event Time: Oct.…

#LetsDefend #Emotet #エモテット #malware #マルウェア

4ensiX

FPと言ったものはFPを選んだが表示はTPになっていることに気づいた。

2022-04-03から1日間の記事一覧

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 22

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 24

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 25