T1585 – Establish Accounts (Brand Monitoring Detection)

Brand Monitoring Alert Details
Alert ID: BRAND-FAKE-ACCOUNTS-7842
Alert Time: 2024-02-10 09:30:45 EST
Severity: MEDIUM (72/100)
Source: ZeroFox Brand Protection Platform
Rule: “Impersonation Account Detected – Executive Targeting”
MITRE ATT&CK: T1585 – Establish Accounts
Alert Details:
Finding: Fraudulent LinkedIn accounts impersonating company executives
Platform: LinkedIn
Accounts Detected: 3
Account 1: “Michael Chen” (Impersonating CFO)
– Profile URL: linkedin.com/in/michael-chen-cfo
– Created: 2024-02-08 …

T1584 – Compromise Infrastructure (Oracle Cloud Guard Detection)

Cloud Guard Alert Details
Alert ID: OCI-COMPROMISE-INFRA-7842
Alert Time: 2024-02-10 14:30:15 EST
Severity: CRITICAL (95/100)
Source: Oracle Cloud Guard (OCI Security Platform)
Rule: “Unauthorized Crypto Mining Activity Detected”
MITRE ATT&CK: T1584 – Compromise Infrastructure
Alert Details:
Finding: Compromised compute instance performing cryptocurrency mining
Instance Details:
– Instance Name: dev-build-server-03
– OCID: ocid1.instance.oc1.iad.xxxxxxxxx
– Compartment: Development
– Region: US East (Ashburn) …

T1598 – Phishing for Information (Proofpoint Detection)

Proofpoint Alert Details
Alert ID: PROOFPOINT-PHISH-INFO-7842
Alert Time: 2024-02-10 10:15:22 EST
Severity: HIGH (82/100)
Source: Proofpoint Targeted Attack Protection (TAP)
Rule: “Credential Phishing Attempt Detected”
MITRE ATT&CK: T1598 – Phishing for Information
Alert Details:
Email Analysis Report:
Sender: noreply@adp-payroll[.]net
Reply-To: support@payroll-verify[.]com
Subject: “ACTION REQUIRED: Your Q1 Payroll Statement Requires Verification”
Recipients: 47 employees (Finance, HR, Executive)
Time: 2024-02-10 10:05 EST …
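The three header traits visible in this alert (a payroll-brand lookalike sender domain, a Reply-To on a second domain, and urgency wording in the subject) are the ones a triage script checks first. The following is an added example, not code from the page or from Proofpoint: it parses a message constructed from the fields in the excerpt with Python's standard email library and scores those traits. The brand list, the legitimate-domain allowlist, the urgency keywords and the score weights are assumptions chosen for illustration.

```python
"""Heuristic triage of a credential-phishing email's headers.

Added example; not the page's or Proofpoint's code. SAMPLE_EMAIL is
constructed from the From / Reply-To / Subject shown in the alert; the
brand list, allowlist, keyword list and weights are assumptions.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mirroring the alert's sender, reply-to and subject.
SAMPLE_EMAIL = """\
From: ADP Payroll <noreply@adp-payroll.net>
Reply-To: support@payroll-verify.com
To: finance-team@company.com
Subject: ACTION REQUIRED: Your Q1 Payroll Statement Requires Verification
Date: Sat, 10 Feb 2024 10:05:00 -0500
Content-Type: text/plain

Please verify your payroll statement here: https://payroll-verify.com/login
"""

URGENCY_WORDS = ("action required", "verify", "verification", "suspended", "immediately")
IMPERSONATED_BRANDS = ("adp", "workday", "paychex")   # assumed list of abused payroll brands
LEGIT_BRAND_DOMAINS = {"adp.com"}                     # assumed allowlist of real sender domains


def _domain(addr: str) -> str:
    """Extract the lower-cased domain from a header like 'Name <user@host>'."""
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()


def analyze_headers(raw: str) -> dict:
    msg = message_from_string(raw)
    from_hdr = msg.get("From", "")
    from_domain = _domain(from_hdr)
    display_name = parseaddr(from_hdr)[0].lower()
    reply_domain = _domain(msg.get("Reply-To")) if msg.get("Reply-To") else from_domain
    subject = msg.get("Subject", "").lower()

    findings = []
    # Reply-To on a different domain than From: replies go to someone other
    # than the apparent sender, the classic reply-harvesting setup.
    if reply_domain != from_domain:
        findings.append(f"reply-to domain mismatch: {from_domain} -> {reply_domain}")
    # Brand name in the sender domain or display name without the brand's real domain.
    for brand in IMPERSONATED_BRANDS:
        if (brand in from_domain or brand in display_name) and from_domain not in LEGIT_BRAND_DOMAINS:
            findings.append(f"brand lookalike sender: {brand!r} in {from_domain}")
            break
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append("urgency language in subject: " + ", ".join(hits))

    score = min(100, 40 * sum("mismatch" in f for f in findings)
                     + 30 * sum("lookalike" in f for f in findings)
                     + 10 * len(hits))
    return {"from_domain": from_domain, "reply_to_domain": reply_domain,
            "findings": findings, "score": score}


if __name__ == "__main__":
    for key, value in analyze_headers(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

On the constructed message the script reports the mismatch (adp-payroll.net to payroll-verify.com), the lookalike sender and two urgency hits, for a score of 90. In production the same checks would sit behind SPF/DKIM/DMARC evaluation, which this example deliberately leaves out.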

T1583 – Acquire Infrastructure (Passive DNS Detection)

Passive DNS Alert Details
Alert ID: PDNS-INFRA-ACQUIRE-7842
Alert Time: 2024-02-09 08:15:33 EST
Severity: HIGH (75/100)
Source: Farsight Security DNSDB (Passive DNS)
Rule: “New Domains Registered with Company Name Pattern”
MITRE ATT&CK: T1583 – Acquire Infrastructure
Alert Details:
Passive DNS Discovery: Newly registered domains matching company naming patterns
Domain 1: company-secure-login[.]com
– Registrar: Namecheap
– Registration Date: 2024-02-08
– Nameservers: ns1.digitalocean[.]com, …

T1594 – Search Victim-Owned Websites (WAF Detection)

WAF Alert Details
Alert ID: WAF-DIRECTORY-SCAN-7842
Alert Time: 2024-02-09 16:45:22 EST
Severity: MEDIUM (62/100)
Source: Cloudflare WAF
Rule: “Directory Enumeration Scan Detected”
MITRE ATT&CK: T1594 – Search Victim-Owned Websites
Alert Details:
Detection: Directory/file enumeration against company website
Target: www.company.com
Source IP: 185.143.221[.]89 (Romania)
Time Window: 16:30 – 16:45 EST
Requests: 2,847
Pattern: Sequential directory/file brute-forcing
Request Patterns Observed:
– /admin …
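The rule behind this alert is a burst of requests from one source inside a window, mostly answered 404, each to a different path. The following is an added example, not code from the page or from Cloudflare: it runs that logic over constructed Combined Log Format lines in which one source IP walks a short wordlist and a second visitor browses normally. The window, request count and 404-ratio thresholds are assumptions scaled down so the sample triggers; a production rule would use far larger counts, as the 2,847 requests in the alert suggest.

```python
"""Detect directory/file enumeration in web access logs.

Added example; not the page's or Cloudflare's code. SAMPLE_LOG is
constructed in Combined Log Format to mirror the alert (one source IP,
wordlist-style paths, high 404 ratio); thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, ts, path, status):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 0 "-" "Mozilla/5.0"'


# Constructed sample: one scanner walking a wordlist, one normal visitor.
SCANNER = "185.143.221.89"
NORMAL = "198.51.100.7"
WORDLIST = ["/admin", "/admin/login", "/backup", "/backup.zip", "/config",
            "/.env", "/.git/HEAD", "/wp-login.php", "/phpmyadmin", "/api/v1"]
SAMPLE_LOG = "\n".join(
    [_line(SCANNER, f"09/Feb/2024:16:30:{i:02d} -0500", p, 200 if p == "/api/v1" else 404)
     for i, p in enumerate(WORDLIST)]
    + [_line(NORMAL, "09/Feb/2024:16:31:00 -0500", "/", 200),
       _line(NORMAL, "09/Feb/2024:16:31:05 -0500", "/products", 200)]
)


def detect_enumeration(log_text, window=timedelta(minutes=15),
                       min_requests=8, min_404_ratio=0.6):
    """Return {ip: stats} for sources whose burst inside `window` looks like
    path brute-forcing: many requests, mostly 404, to many distinct paths."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts = datetime.strptime(m["ts"], TS_FMT)
        events[m["ip"]].append((ts, m["path"], int(m["status"])))

    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        j = 0
        for i in range(len(evs)):
            # Sliding window: extend j while evs[j] is within `window` of evs[i].
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            burst = evs[i:j]
            if len(burst) < min_requests:
                continue
            ratio = sum(1 for _, _, s in burst if s == 404) / len(burst)
            distinct = len({p for _, p, _ in burst})
            if ratio >= min_404_ratio and distinct >= min_requests:
                alerts[ip] = {"requests": len(burst),
                              "not_found_ratio": round(ratio, 2),
                              "distinct_paths": distinct,
                              "window_start": burst[0][0].isoformat()}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

Requiring both a high 404 share and many distinct paths keeps a single popular broken link (many 404s, one path) and a crawler fetching real pages (many paths, few 404s) from firing the rule.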

T1593 – Search Open Websites/Domains (Brand Monitoring Detection)

Brand Monitoring Alert Details
Alert ID: BRAND-OPENWEB-7842
Alert Time: 2024-02-09 11:30:45 EST
Severity: MEDIUM (68/100)
Source: ZeroFox Brand Protection Platform
Rule: “Impersonating Social Media Account Detected”
MITRE ATT&CK: T1593 – Search Open Websites/Domains
Alert Details:
Finding Type: Impersonation/Squatting Detection
Platform: Twitter/X
Account: @CompanySupport_US
Created: 2024-02-08
Followers: 47
Following: 12
Tweets: 8
Account Content:
– Profile Picture: Company logo (copied from …

T1596 – Search Open Tech Databases (Shodan Detection)

Shodan Alert Details
Alert ID: SHODAN-EXPOSED-ASSETS-7842
Alert Time: 2024-02-09 14:15:33 EST
Severity: HIGH (85/100)
Source: Shodan Monitor
Rule: “New Exposed Asset Detected – Critical Infrastructure”
MITRE ATT&CK: T1596 – Search Open Technical Databases
Alert Details:
Asset Discovery: New publicly exposed asset detected on Shodan
IP Address: 203.0.113.142
Hostname: dev-gateway.company.com
Ports Open:
– 22: SSH (OpenSSH 7.9, banner: “Ubuntu-20.04”)
– 80: …

T1597 – Search Closed Sources (Digital Shadows Detection)

Digital Shadows Alert Details
Alert ID: DS-CLOSED-SOURCES-7842
Alert Time: 2024-02-09 09:22:15 EST
Severity: HIGH (78/100)
Source: Digital Shadows SearchLight Platform
Rule: “Sensitive Company Data Found on Closed Sources”
MITRE ATT&CK: T1597 – Search Closed Sources
Alert Details:
Finding Type: Closed Source Monitoring (Dark Web, Forums, Telegram)
Detection Time: 2024-02-09 09:15 EST
Content Discovery Date: 2024-02-08 22:00 EST
Source 1: Restricted …

T1591 – Gather Victim Org Info (OSINT Monitoring Detection)

OSINT Alert Details
Alert ID: OSINT-ORG-INFO-7842
Alert Time: 2024-02-08 10:05:12 EST
Severity: MEDIUM (62/100)
Source: Silent Push (OSINT Monitoring Platform)
Rule: “Corporate Information Exposure on External Platforms”
MITRE ATT&CK: T1591 – Gather Victim Organization Information
Alert Details:
OSINT Findings Summary:
1. LinkedIn Platform:
   – 45 employees posted about “new ERP system implementation”
   – 12 employees listed “SAP S/4HANA Migration Team” …

T1590 – Gather Victim Network Info (Splunk Detection)

Splunk Alert Details
Alert ID: SPLUNK-NETWORK-RECON-7842
Alert Time: 2024-02-08 13:22:45 EST
Severity: MEDIUM (68/100)
Source: Splunk Enterprise Security Correlation Rule
Rule: “Internal Network Reconnaissance – DNS Query Anomaly”
MITRE ATT&CK: T1590 – Gather Victim Network Information
Alert Details:
Correlation Rule: “Excessive DNS Queries for Internal Hostnames”
Time Window: 13:15 – 13:22 EST (7 minutes)
Source Host: IT-WS-023 (IT Department)
User: …
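The correlation rule named here counts how many different internal hostnames one client resolves inside a short window; a host guessing names (dc01, dc02, sql01, ...) also produces a high share of NXDOMAIN answers, which separates a sweep from a busy but legitimate client. The following is an added example, not code from the page or from Splunk: it applies that rule to constructed resolver-log lines in a simple key=value format. The internal zone name, the host names, the seven-minute window and the thresholds are assumptions chosen to mirror the alert excerpt.

```python
"""Flag hosts sweeping internal DNS names, a network-recon pattern.

Added example; not the page's or Splunk's code. SAMPLE_LOG is constructed
in a key=value resolver-log format; the internal zone, host names,
window and thresholds are assumptions mirroring the alert excerpt.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_ZONE = "corp.company.com"   # assumed internal DNS zone
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>\S+)$"
)


def _l(ts, client, qname, rcode="NOERROR"):
    return f"{ts} client={client} query={qname} rcode={rcode}"


# Constructed sample: IT-WS-023 walks a hostname list (mostly NXDOMAIN)
# one query every 30 s; HR-WS-004 resolves a few real names.
BASE = datetime(2024, 2, 8, 13, 15, 0)
SWEEP_NAMES = ["dc01", "dc02", "fileserver01", "fileserver02", "sql01", "sql02",
               "backup01", "vpn01", "jump01", "admin01", "printsrv01", "sccm01"]
REAL_HOSTS = {"dc01", "fileserver01", "sql01"}   # names that actually exist
SAMPLE_LOG = "\n".join(
    [_l((BASE + timedelta(seconds=30 * i)).isoformat(timespec="seconds"),
        "IT-WS-023", f"{n}.{INTERNAL_ZONE}",
        "NOERROR" if n in REAL_HOSTS else "NXDOMAIN")
     for i, n in enumerate(SWEEP_NAMES)]
    + [_l("2024-02-08T13:16:10", "HR-WS-004", f"fileserver01.{INTERNAL_ZONE}"),
       _l("2024-02-08T13:16:12", "HR-WS-004", "www.example.com"),
       _l("2024-02-08T13:18:40", "HR-WS-004", f"mail.{INTERNAL_ZONE}")]
)


def detect_dns_sweep(log_text, window=timedelta(minutes=7),
                     min_distinct=10, min_nxdomain_ratio=0.5):
    """Return {client: stats} for clients that, inside `window`, queried at
    least `min_distinct` different names under INTERNAL_ZONE with a high
    share of NXDOMAIN answers (guessing names rather than using them)."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines
        qname = m["qname"].lower().rstrip(".")
        if not qname.endswith("." + INTERNAL_ZONE):
            continue  # external lookups are not internal reconnaissance
        per_client[m["client"]].append(
            (datetime.fromisoformat(m["ts"]), qname, m["rcode"] == "NXDOMAIN"))

    alerts = {}
    for client, evs in per_client.items():
        evs.sort()
        j = 0
        for i in range(len(evs)):
            # Sliding window over the client's sorted queries.
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            burst = evs[i:j]
            names = {q for _, q, _ in burst}
            if len(names) < min_distinct:
                continue
            nx_ratio = sum(1 for _, _, is_nx in burst if is_nx) / len(burst)
            if nx_ratio >= min_nxdomain_ratio:
                alerts[client] = {"distinct_internal_names": len(names),
                                  "queries": len(burst),
                                  "nxdomain_ratio": round(nx_ratio, 2),
                                  "first_seen": burst[0][0].isoformat(),
                                  "last_seen": burst[-1][0].isoformat()}
                break
    return alerts


if __name__ == "__main__":
    print(detect_dns_sweep(SAMPLE_LOG))
```

Restricting the count to names under the internal zone matters: a workstation resolving hundreds of external CDN names in seven minutes is normal, twelve guessed internal server names with nine NXDOMAINs is not.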