LetsDefend level 1 alert SOC138 - Detected Suspicious Xls File event-id 77

LetsDefend Malware

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned EndpointManagement Analyze Malware ORDER SHEET & SPEC.xlsm 177.53.143.89 multiwaretecnologia.com[.]br Check If Someone Requested the C2 LogManagement Add …

#LetsDefend

2022-01-12

LetsDefend level 1 alert SOC137 - Malicious File/Script Download Attempt event-id 76

LetsDefend Malware

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Log Search 368 Mar, 07, 2021, 01:50 PM Proxy 172.16.17.37 48463 49.51.12.195 443 iluuryeqa[.]info 49.51.12.195 369 Mar, 07, 2021, 01:54 PM Proxy 172.16.17…

#LetsDefend

2022-01-11

LetsDefend level 1 alert SOC103 - Malicious APK Detected event-id 80

LetsDefend Malware

Details playbook Search Log Analyze APK search APK End Other writeup Details EventID: 80 Event Time: March 15, 2021, 9:55 p.m. Rule: SOC103 - Malicious APK Detected Level: Security Analyst Source Address 10.15.15.14 Source Hostname JessieP…

#LetsDefend #Malicious APK

2022-01-10

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected　event-id 79

LetsDefend Malware

Details Create Case Collection Data 140.82.121.4 Search Log Analyze URL Address Add Artifacts End Details EventID: 79 Event Time: March 15, 2021, 9:30 p.m. Rule: SOC119 - Proxy - Malicious Executable File Detected Level: Security Analyst S…

#LetsDefend

2022-01-09

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected event-id 83

LetsDefend Malware

Details Create Case Collection Data Search Log Analyze URL Address Access https[:]//www.win-rar[.]com/postdownload.html?&L=0&Version=32bit www.win-rar[.]com 51.195.68.163 Add Artifacts End Details EventID: 83 Event Time: March 21, 2021, 1:…

#LetsDefend #WinRAR

2022-01-09

SecurityAnalystっぽいことができる!今一押しのサービス「LetsDefend」

LetsDefend Phishing Mail

今まで、公開情報から何となくマルウェアの解析とかしていた無料で配布されているデータセットや資料に倣って学習していた等でイマイチ実際にSOCであったりでやっていることのイメージがはっきりとしていなかったが、「LetsDefend」に触れたことで「現場…

#LetsDefend #フィッシングメール #マルウェア

4ensiX

FPと言ったものはFPを選んだが表示はTPになっていることに気づいた。

LetsDefend

LetsDefend level 1 alert SOC138 - Detected Suspicious Xls File event-id 77

LetsDefend level 1 alert SOC137 - Malicious File/Script Download Attempt event-id 76

LetsDefend level 1 alert SOC103 - Malicious APK Detected event-id 80

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected　event-id 79

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected event-id 83

SecurityAnalystっぽいことができる!今一押しのサービス「LetsDefend」

LetsDefend level 1 alert SOC138 - Detected Suspicious Xls File event-id 77

LetsDefend level 1 alert SOC137 - Malicious File/Script Download Attempt event-id 76

LetsDefend level 1 alert SOC103 - Malicious APK Detected event-id 80

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected event-id 79

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected event-id 83

SecurityAnalystっぽいことができる!今一押しのサービス「LetsDefend」

LetsDefend level 1 alert SOC119 - Proxy - Malicious Executable File Detected　event-id 79