letsdefend.io WriteUp - SOC109 - Emotet Malware Detected
Malware was detected on endpoint RichardPRD (172.16.17.45). The infected file is 1word.doc, with a VirusTotal detection ratio of 48/63: https://www.virustotal.com/gui/file/d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f. It is a maldoc carrying VBA code, first seen in the wild on 2020-06-11 at 13:11:14 UTC. IoCs relate this document to Emotet malware.
Investigation SOC235 - Atlassian Confluence Broken Access Control 0-day
I have been out of the SOC for almost a year now, and sometimes I miss digging into alerts. I recently signed up to letsdefend.io to play around. LetsDefend is a really cool training site with a simulated SOC environment that lets you investigate incidents, and the alerts are quite close to what you'd see in the real world. Read on for my analysis of alert SOC235.