letsdefend.io WriteUp - SOC109 - Emotet Malware Detected

November 22nd 2024 | #en #soc

Malware was detected on endpoint RichardPRD (172.16.17.45). Infected file is 1word.doc. VT (48/63) https://www.virustotal.com/gui/file/d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f Maldoc with VBA code. First Seen In The Wild on 2020-06-11 at 13:11:14 UTC. IoCs relate this document to Emotet Malware.


Investigation SOC235 - Atlassian Confluence Broken Access Control 0-day

December 14th 2023 | #en #soc

I have been out of the SOC for almost a year now, and sometimes I miss digging into alerts. I recently signed up to letsdefend.io to play around. LetsDefend is a really cool training site with a simulated SOC environment that allows you to investigate incidents. The alerts are quite close to what you'd see in the real world. Read on for my analysis of alert SOC235.
