T1115 – Clipboard Data (Microsoft Defender Detection)

Microsoft Defender Alert Details
Alert ID: MD-CLIPBOARD-1115-7842
Alert Time: 2024-02-28 09:30:15 EST
Severity: MEDIUM (72/100)
Source: Microsoft Defender for Endpoint
Rule: “Clipboard Monitoring by Suspicious Process”
MITRE ATT&CK: T1115 – Clipboard Data
Alert Details:
Detection: Process monitoring clipboard contents repeatedly
Host: FIN-WS-078 (Finance Workstation)
User: bturner@company.com (Brian Turner, Accountant)
Time: 09:15-09:30 EST
Process Details:
Process: …

T1125 – Video Capture (CrowdStrike Detection)

CrowdStrike Alert Details
Alert ID: CS-VIDEO-CAPTURE-1125-7842
Alert Time: 2024-02-27 10:30:22 EST
Severity: HIGH (85/100)
Source: CrowdStrike Falcon EDR
Rule: “Webcam Access by Suspicious Process”
MITRE ATT&CK: T1125 – Video Capture
Alert Details:
Detection: Process accessing webcam without user interaction
Host: EXEC-WS-002 (CFO’s Laptop)
User: kwilson@company.com (Karen Wilson, CFO)
Time: 10:15-10:30 EST
Process Details:
Process: C:\Users\kwilson\AppData\Local\Temp\webcam_capture.exe …

T1123 – Audio Capture (Microsoft Defender Detection)

Microsoft Defender Alert Details
Alert ID: MD-AUDIO-CAPTURE-1123-7842
Alert Time: 2024-02-27 16:30:45 EST
Severity: HIGH (88/100)
Source: Microsoft Defender for Endpoint
Rule: “Microphone Access by Suspicious Process”
MITRE ATT&CK: T1123 – Audio Capture
Alert Details:
Detection: Process accessing microphone without user interaction
Host: CONF-ROOM-001 (Conference Room PC)
User: SYSTEM (no user logged in)
Time: 16:15-16:30 EST …

T1113 – Screen Capture (CrowdStrike Detection)

CrowdStrike Alert Details
Alert ID: CS-SCREEN-CAPTURE-1113-7842
Alert Time: 2024-02-27 11:30:22 EST
Severity: HIGH (85/100)
Source: CrowdStrike Falcon EDR
Rule: “Screen Capture Activity Detected – Potential Surveillance”
MITRE ATT&CK: T1113 – Screen Capture
Alert Details:
Detection: Process capturing screenshots repeatedly
Host: EXEC-WS-001 (CEO’s Laptop)
User: cjohnson@company.com (CEO)
Time: 11:15-11:30 EST
Process Details:
Process: C:\Windows\Temp\capture.exe (PID: 4789)
SHA256: …

T1571 – Non-Application Layer Protocol (Darktrace Detection)

Darktrace Alert Details
Alert ID: DARKTRACE-NON-STANDARD-1571-7842
Alert Time: 2024-02-29 11:30:22 EST
Severity: HIGH (85/100)
Source: Darktrace Enterprise Immune System
Rule: “Non-Standard Protocol over Common Port – Potential Tunneling”
MITRE ATT&CK: T1571 – Non-Application Layer Protocol
Alert Details:
Detection: Non-HTTP traffic detected over port 443 (HTTPS port)
Source: 192.168.45.78 (ENG-WS-045 – Engineering)
Destination: 194.165.16[.]89:443
Time: 11:15-11:30 …
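The check behind a "non-standard protocol over a common port" alert is that the protocol is identified from the payload, not from the port. The following is an added example, not code from the original post or from Darktrace: it classifies the first client-to-server bytes of a connection (TLS record header, HTTP method, SSH banner, or none of those) and compares the result against what the destination port implies. The expected-protocol table, the sample flows and the RFC 5737 addresses are assumptions constructed for the example.

```python
# Added example, not from the original post: decide what protocol the first
# client-to-server bytes of a TCP connection really carry, independent of the
# destination port. On 443 a defender expects a TLS handshake record; plaintext
# HTTP, an SSH banner or a custom binary framing on 443 is the mismatch that the
# alert describes.

# TLS record header: content type 0x16 (handshake), version 0x03 0x00-0x04,
# two length bytes, then handshake type 0x01 (ClientHello).
def classify_first_bytes(payload: bytes) -> str:
    """Return 'tls', 'http', 'ssh' or 'unknown' for the first bytes sent by the client."""
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                           b"OPTIONS ", b"CONNECT ", b"PATCH ")):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

# Protocol expected on each well-known port (an assumption for this example).
EXPECTED_ON_PORT = {22: "ssh", 80: "http", 443: "tls"}

def find_port_protocol_mismatches(flows):
    """flows: iterable of (src, dst, dst_port, first_payload_bytes).
    Returns [(src, dst, dst_port, observed_protocol)] for every flow whose
    payload does not match the protocol expected on that port."""
    hits = []
    for src, dst, dport, payload in flows:
        expected = EXPECTED_ON_PORT.get(dport)
        if expected is None:
            continue  # no expectation for this port, nothing to compare against
        observed = classify_first_bytes(payload)
        if observed != expected:
            hits.append((src, dst, dport, observed))
    return hits

# Constructed sample flows (not captured traffic); destinations use the
# RFC 5737 documentation range, the payloads are made up.
TLS_CLIENT_HELLO = bytes.fromhex("160301005f0100005b0303") + b"\x00" * 32
SAMPLE_FLOWS = [
    ("192.168.45.20", "203.0.113.10", 443, TLS_CLIENT_HELLO),                      # normal HTTPS
    ("192.168.45.20", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),   # normal HTTP
    ("192.168.45.78", "203.0.113.89", 443, b"\x00\x00\x00\x2a\x01\x7f\xc3\x11"),   # custom framing on 443
    ("192.168.45.78", "203.0.113.89", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),            # SSH tunnelled over 443
    ("192.168.45.31", "203.0.113.5", 443, b"GET /health HTTP/1.1\r\n\r\n"),        # plaintext HTTP on 443
]

if __name__ == "__main__":
    for hit in find_port_protocol_mismatches(SAMPLE_FLOWS):
        print("port/protocol mismatch:", hit)
```

The classifier only looks at the client's first bytes, which is enough to separate TLS from everything else on 443; it does not validate the rest of the handshake, and a server-speaks-first protocol would need the response direction as well.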

T1105 – Ingress Tool Transfer (Cisco Umbrella Detection)

Cisco Umbrella Alert Details
Alert ID: UMBRELLA-TOOL-TRANSFER-1105-7842
Alert Time: 2024-02-29 14:15:33 EST
Severity: HIGH (88/100)
Source: Cisco Umbrella Secure Internet Gateway
Rule: “Malicious File Download Blocked – Known Malware”
MITRE ATT&CK: T1105 – Ingress Tool Transfer
Alert Details:
Detection: Attempt to download known malicious executable blocked
User: bturner@company.com (Brian Turner, Finance)
Source IP: 192.168.45.112 (FIN-WS-078) …

T1132 – Data Encoding (Zeek Detection)

Zeek Alert Details
Alert ID: ZEEK-DATA-ENCODING-1132-7842
Alert Time: 2024-02-29 10:30:22 EST
Severity: HIGH (85/100)
Source: Zeek (Bro) Network Security Monitor
Rule: “Base64-Encoded Data in HTTP Requests – Potential Data Exfiltration”
MITRE ATT&CK: T1132.001 – Data Encoding: Standard Encoding
Alert Details:
Detection: HTTP traffic containing large amounts of base64-encoded data
Source: 192.168.45.78 (ENG-WS-045 – Engineering)
Destination: …
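Detecting "large amounts of base64-encoded data" is harder than grepping for the base64 alphabet: hex hashes, session IDs and JWTs match the same character class. The following is an added example, not code from the original post or a Zeek script: it finds long runs in an HTTP request URI and body, keeps only runs that actually decode as base64 (standard or URL-safe alphabet), discards pure-hex identifiers, and flags the request by the number of decoded bytes rather than by a single token. The 40-character minimum run, the 128-byte flag threshold and the sample requests (including a made-up CSV as the "exfiltrated" file) are assumptions constructed for the example.

```python
# Added example, not from the original post: flag HTTP requests that carry long
# runs of valid base64 in the URI or body, the T1132.001 condition the Zeek rule
# describes. Only runs that really decode count, hex identifiers are excluded,
# and the request is scored by decoded byte count.

import base64
import binascii
import re

# Standard and URL-safe base64 alphabets, runs of at least 40 characters.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{40,}={0,2}")
HEX_ONLY = re.compile(r"^[0-9a-fA-F]+$")

def decode_base64_runs(text: str, min_len: int = 40):
    """Return (token, decoded_bytes) for each run in text that is valid base64."""
    runs = []
    for match in B64_RUN.finditer(text):
        token = match.group(0)
        if len(token) < min_len or HEX_ONLY.match(token):
            continue  # hex hashes and IDs are not base64 payloads
        try:
            raw = base64.b64decode(token.replace("-", "+").replace("_", "/"), validate=True)
        except binascii.Error:
            continue  # wrong length or padding: not real base64
        runs.append((token, raw))
    return runs

def analyze_request(method: str, uri: str, body: str, min_decoded: int = 128):
    """Score one request; 'flag' is True when at least min_decoded bytes of
    base64 payload were found across the URI and body."""
    runs = decode_base64_runs(uri) + decode_base64_runs(body)
    decoded = sum(len(raw) for _, raw in runs)
    return {"method": method, "uri": uri, "runs": len(runs),
            "decoded_bytes": decoded, "flag": decoded >= min_decoded}

# Constructed sample traffic (not a capture). The "exfiltrated" file is a made-up CSV.
SAMPLE_CSV = "\n".join(f"ACC-{i:04d},Vendor {i},{i * 137.5:.2f}" for i in range(1, 21)).encode()
SAMPLE_REQUESTS = [
    ("POST", "/api/v1/sync", base64.b64encode(SAMPLE_CSV).decode()),   # whole file, base64 body
    ("GET", "/search?q=quarterly+report+2024", ""),                     # nothing encoded
    ("GET", "/download?id=" + "a3" * 32, ""),                           # 64-char hex id, not base64
    ("GET", "/t?d=" + base64.urlsafe_b64encode(b"host=ENG-WS-045;user=dev;os=win11").decode(), ""),
]

def flagged_requests(requests=SAMPLE_REQUESTS):
    """Requests whose decoded base64 volume crosses the threshold."""
    return [r for r in (analyze_request(*req) for req in requests) if r["flag"]]

if __name__ == "__main__":
    for r in flagged_requests():
        print(f"{r['method']} {r['uri']}: {r['runs']} run(s), {r['decoded_bytes']} decoded bytes")
```

The fourth sample request carries a 44-character URL-safe token that decodes to 33 bytes; it is counted as a run but stays under the threshold, which is the behaviour wanted for small encoded parameters. In production the decoded bytes should also be inspected (printable ratio, archive or document magic bytes) and known token carriers such as Authorization headers and JWT cookies allowlisted, otherwise legitimate API traffic will trip the rule.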

T1567 – Exfiltration Over Web Service (Zscaler Detection)

Zscaler Alert Details
Alert ID: ZSCALER-WEB-EXFIL-1567-7842
Alert Time: 2024-03-02 11:30:22 EST
Severity: HIGH (85/100)
Source: Zscaler Internet Access (ZIA)
Rule: “Large Upload to Cloud Storage – Potential Data Exfiltration”
MITRE ATT&CK: T1567.002 – Exfiltration Over Web Service: Exfiltration to Cloud Storage
Alert Details:
Detection: Large file upload to Google Drive from internal user
User: kwilson@company.com …

T1029 – Scheduled Transfer (Darktrace Detection)

Darktrace Alert Details
Alert ID: DARKTRACE-SCHEDULED-EXFIL-1029-7842
Alert Time: 2024-03-02 16:30:45 EST
Severity: HIGH (85/100)
Source: Darktrace Enterprise Immune System
Rule: “Regular Scheduled Data Transfer – Potential Exfiltration”
MITRE ATT&CK: T1029 – Scheduled Transfer
Alert Details:
Detection: Regular, scheduled data transfers to external IP every 24 hours
Source: 192.168.45.78 (ENG-WS-045 – Engineering)
Destination: 185.143.221[.]89:443
Pattern: Daily …
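The two alerts above (T1567.002, large upload to cloud storage; T1029, transfers recurring every 24 hours) are both computed from the same kind of outbound-connection record, so one added example covers both. This is not code from the original posts, Zscaler or Darktrace. The first detector sums bytes sent per user and cloud-storage domain over a sliding window; the second measures how evenly spaced the connections from one host to one destination are (standard deviation of the inter-arrival times divided by their mean) and flags low-jitter, long-interval pairs. The domain list, thresholds, window, record layout and sample records (documentation-range destination, made-up byte counts) are all assumptions constructed for the example.

```python
# Added example, not from the original posts: two detections over constructed
# outbound-connection records. (1) T1567.002: bytes sent by one user to a
# cloud-storage domain inside a sliding window exceed a threshold.
# (2) T1029: connections from one host to one destination recur at a
# near-constant interval (low coefficient of variation of the gaps).

from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

CLOUD_STORAGE_DOMAINS = {"drive.google.com", "www.dropbox.com", "onedrive.live.com"}  # assumed list
UPLOAD_THRESHOLD = 100 * 1024 * 1024  # 100 MiB per user and domain per window (assumed)

def large_cloud_uploads(records, window=timedelta(minutes=30), threshold=UPLOAD_THRESHOLD):
    """records: (ts, user, src_ip, dst, bytes_out). Returns {(user, dst): peak_bytes}
    for pairs whose bytes_out summed over any window reach the threshold."""
    by_key = defaultdict(list)
    for ts, user, _src, dst, bytes_out in records:
        if dst in CLOUD_STORAGE_DOMAINS:
            by_key[(user, dst)].append((ts, bytes_out))
    hits = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            total = sum(b for _, b in events[start:end + 1])
            if total >= threshold:
                hits[key] = max(total, hits.get(key, 0))
    return hits

def periodic_connections(records, min_events=4, max_cv=0.05, min_interval=3600):
    """Returns {(src_ip, dst): mean_gap_seconds} for pairs with at least min_events
    connections whose gaps average >= min_interval and vary by <= max_cv (stdev/mean)."""
    times = defaultdict(list)
    for ts, _user, src, dst, _bytes in records:
        times[(src, dst)].append(ts)
    hits = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg >= min_interval and pstdev(gaps) / avg <= max_cv:
            hits[key] = avg
    return hits

# Constructed sample records (ts, user, src_ip, dst, bytes_out); not real logs.
T0 = datetime(2024, 2, 27, 16, 30, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    # daily beacon with a little jitter, five days in a row
    *[(T0 + timedelta(days=d, seconds=j), "-", "192.168.45.78", "203.0.113.89", 40_960)
      for d, j in enumerate((0, 70, -40, 120, 15))],
    # three large uploads to Google Drive within 15 minutes
    (T0 + timedelta(days=4, minutes=1), "kwilson", "192.168.45.200", "drive.google.com", 500 * 2**20),
    (T0 + timedelta(days=4, minutes=6), "kwilson", "192.168.45.200", "drive.google.com", 500 * 2**20),
    (T0 + timedelta(days=4, minutes=12), "kwilson", "192.168.45.200", "drive.google.com", 400 * 2**20),
    # ordinary browsing: small transfers at irregular times
    (T0 + timedelta(hours=1), "bturner", "192.168.45.112", "www.dropbox.com", 2 * 2**20),
    (T0 + timedelta(days=1, hours=3, minutes=7), "bturner", "192.168.45.112", "www.dropbox.com", 3 * 2**20),
    (T0 + timedelta(days=1, hours=9), "bturner", "192.168.45.112", "www.dropbox.com", 1 * 2**20),
    (T0 + timedelta(days=3, hours=2), "bturner", "192.168.45.112", "www.dropbox.com", 4 * 2**20),
]

if __name__ == "__main__":
    print("large uploads:", large_cloud_uploads(SAMPLE_RECORDS))
    print("periodic destinations:", periodic_connections(SAMPLE_RECORDS))
```

The beacon records are spaced about 86400 seconds apart with a few minutes of jitter, so their coefficient of variation is well under 0.05 while the finance user's four Dropbox visits are spread so unevenly that the same pair is ignored. Byte volume alone is not what separates the two cases: the beacon moves only 40 KB per day, which is why the timing detector is needed alongside the upload-size one.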

T1048 – Exfiltration Over Alternative Protocol (Zeek Detection)

Zeek Alert Details
Alert ID: ZEEK-EXFIL-ALT-PROTO-1048-7842
Alert Time: 2024-03-02 14:15:33 EST
Severity: HIGH (88/100)
Source: Zeek Network Security Monitor
Rule: “Large Data Transfer over DNS – Potential DNS Tunneling”
MITRE ATT&CK: T1048.003 – Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
Alert Details:
Detection: Large volume of DNS queries with encoded data – DNS …
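A DNS tunnel shows up as many long, high-entropy, never-repeated subdomains under one registered domain, often with TXT or NULL record types. The following is an added example, not code from the original post or a Zeek script: it groups query records by source host and registered domain and flags a pair only when query count, mean subdomain length, mean character entropy and uniqueness all cross their thresholds, so that a busy but ordinary domain with many repeated short names is not flagged. The registered domain is approximated as the last two labels (no public-suffix list, so co.uk-style suffixes would be mis-grouped), and the thresholds, the sample queries and the tunnel domain under the reserved .test TLD are assumptions constructed for the example.

```python
# Added example, not from the original post: score DNS query streams for
# tunnelling indicators (T1048.003). Per (source host, registered domain) it
# measures volume, mean subdomain length, mean character entropy and the share
# of unique subdomains; encoded data produces many long, random, unrepeated
# labels under a single domain.

import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_query(qname: str):
    """Return (subdomain, registered_domain); registered domain = last two labels (assumption)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def dns_tunnel_candidates(queries, min_queries=50, min_len=30, min_entropy=3.0, min_unique=0.9):
    """queries: iterable of (src_ip, qname, qtype). Returns {(src, domain): stats}
    for every pair that exceeds all four thresholds."""
    groups = defaultdict(list)
    for src, qname, qtype in queries:
        sub, domain = split_query(qname)
        groups[(src, domain)].append((sub, qtype))
    hits = {}
    for key, items in groups.items():
        subs = [s for s, _ in items]
        stats = {
            "queries": len(subs),
            "mean_len": sum(map(len, subs)) / len(subs),
            "mean_entropy": sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs),
            "unique_ratio": len(set(subs)) / len(subs),
            "txt_null_ratio": sum(q in ("TXT", "NULL") for _, q in items) / len(items),
        }
        if (stats["queries"] >= min_queries and stats["mean_len"] >= min_len
                and stats["mean_entropy"] >= min_entropy and stats["unique_ratio"] >= min_unique):
            hits[key] = stats
    return hits

# Constructed sample queries (not a real dns.log). The tunnel domain sits under
# the reserved .test TLD; each "chunk" is a deterministic stand-in for base32 data.
def _chunk(i: int) -> str:
    return base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode().lower().rstrip("=")[:48]

SAMPLE_QUERIES = (
    [("192.168.45.78", f"{_chunk(i)[:24]}.{_chunk(i)[24:]}.t.c2-example.test", "TXT") for i in range(60)]
    + [("192.168.45.78", "www.example.com", "A")] * 12
    + [("192.168.45.112", "outlook.example.org", "A")] * 20
    + [("192.168.45.112", f"mail{i % 3}.example.org", "AAAA") for i in range(30)]
)

if __name__ == "__main__":
    for (src, domain), stats in dns_tunnel_candidates(SAMPLE_QUERIES).items():
        print(src, domain, stats)
```

The second host sends 50 queries to example.org, enough to pass the volume threshold on its own, but they are four distinct short names repeated over and over, so the length, entropy and uniqueness tests keep it out of the result; the engineering workstation's 60 queries to c2-example.test each carry a fresh 48-character label and trip all four.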