T1041 – Exfiltration Over C2 Channel (Palo Alto Detection)

Palo Alto Alert Details Alert ID: PAN-EXFIL-C2-1041-7842 Alert Time: 2024-03-01 10:30:22 EST Severity: CRITICAL (95/100) Source: Palo Alto Networks Firewall + WildFire Rule: “Data Exfiltration Detected over Established C2 Channel” MITRE ATT&CK: T1041 – Exfiltration Over C2 Channel Alert Details: Detection: Large data transfer over previously established C2 connection Source: 192.168.45.78 (ENG-WS-045 – Engineering) Destination: …
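The rule above keys on two things: the destination is a channel the host has already been beaconing to, and the new transfer is large and upload-heavy. The Python below is an added example of that logic run over a constructed connection log; it is not the vendor's rule or code from the original post. The flow records, the 192.168.45.79/.80 comparison hosts and every threshold (prior beacon count, beacon size, exfil size, out/in ratio) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed connection-log records (not from the original alert).
# Fields: timestamp, source IP, destination IP, destination port, bytes sent, bytes received.
FLOWS = [
    # 192.168.45.78 beacons to 203.0.113.50 every ~5 minutes with small payloads...
    ("2024-03-01T09:55:10", "192.168.45.78", "203.0.113.50", 443, 1_240, 812),
    ("2024-03-01T10:00:12", "192.168.45.78", "203.0.113.50", 443, 1_198, 805),
    ("2024-03-01T10:05:09", "192.168.45.78", "203.0.113.50", 443, 1_231, 799),
    ("2024-03-01T10:10:11", "192.168.45.78", "203.0.113.50", 443, 1_205, 810),
    # ...and then pushes ~48 MB out over the same channel (this is the T1041 event).
    ("2024-03-01T10:28:40", "192.168.45.78", "203.0.113.50", 443, 48_200_000, 4_900),
    # A different host uploads 60 MB to a destination it never talked to before:
    # large, but not "over an established C2 channel", so this rule stays quiet
    # (a plain volume rule would catch it instead).
    ("2024-03-01T10:20:00", "192.168.45.79", "198.51.100.7", 443, 60_000_000, 2_100),
    # Ordinary browsing: the download direction dominates.
    ("2024-03-01T10:15:00", "192.168.45.80", "198.51.100.9", 443, 9_000, 2_400_000),
]


def detect_exfil_over_c2(flows, min_prior_flows=3, max_beacon_bytes=4_096,
                         min_exfil_bytes=10_000_000, min_out_in_ratio=20.0):
    """Flag flows that push a large, upload-dominated transfer to a destination
    the same source has already been talking to with small, beacon-sized flows.
    All thresholds are assumptions for the example, not the vendor's tuning."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, out_b, in_b in flows:
        by_pair[(src, dst, dport)].append((datetime.fromisoformat(ts), out_b, in_b))

    findings = []
    for (src, dst, dport), recs in by_pair.items():
        recs.sort()  # chronological, so "prior" means earlier in time
        for i, (ts, out_b, in_b) in enumerate(recs):
            prior_beacons = [r for r in recs[:i] if r[1] <= max_beacon_bytes]
            ratio = out_b / max(in_b, 1)
            if (len(prior_beacons) >= min_prior_flows
                    and out_b >= min_exfil_bytes
                    and ratio >= min_out_in_ratio):
                findings.append({
                    "src": src, "dst": dst, "dport": dport,
                    "time": ts.isoformat(), "bytes_out": out_b,
                    "out_in_ratio": round(ratio, 1),
                    "prior_beacons": len(prior_beacons),
                    "technique": "T1041",
                })
    return findings


if __name__ == "__main__":
    for finding in detect_exfil_over_c2(FLOWS):
        print(finding)
```

The "established channel" condition is what separates this from a generic large-upload rule: a first-contact bulk transfer is a different alert (and often a legitimate backup or sync), while a burst following a run of small periodic flows to the same endpoint is the pattern the Palo Alto rule name describes.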

T1011 – Exfiltration Over Bluetooth (CrowdStrike Detection)

CrowdStrike Alert Details Alert ID: CS-BLUETOOTH-EXFIL-1011-7842 Alert Time: 2024-03-02 09:30:15 EST Severity: HIGH (85/100) Source: CrowdStrike Falcon EDR Rule: “Bluetooth File Transfer Detected – Potential Data Exfiltration” MITRE ATT&CK: T1011.001 – Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth Alert Details: Detection: Large file transfer over Bluetooth from corporate laptop Host: RND-WS-045 (Research & Development) User: alexchen@company.com …

T1568 – Dynamic Resolution (Cisco Umbrella Detection)

Cisco Umbrella Alert Details Alert ID: UMBRELLA-DYNAMIC-RES-1568-7842 Alert Time: 2024-03-01 16:30:45 EST Severity: HIGH (88/100) Source: Cisco Umbrella Investigate Rule: “Fast-Flux DNS – Malware C2 Detection” MITRE ATT&CK: T1568.001 – Dynamic Resolution: Fast Flux DNS Alert Details: Detection: Domain using fast-flux DNS (multiple IPs) with malicious reputation Domain: cdn-update-service[.]com First Seen: 2024-03-01 10:00 EST Query …
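"Multiple IPs" alone is not fast flux: CDNs also rotate answers behind short TTLs. What distinguishes flux is that the answers are spread across unrelated networks. The Python below is an added example, not Umbrella's logic or code from the original post, scoring a constructed passive-DNS log on three signals: distinct answer IPs, median TTL, and network diversity. The log entries, the static.example-cdn.net and intranet.company.com comparison domains, the /16 prefix used as a stand-in for ASN membership, and all thresholds are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed passive-DNS style resolution log (not from the original alert).
# Fields: timestamp, queried domain, answer IP, answer TTL in seconds.
DNS_LOG = [
    # The suspect domain answers from a different network almost every time.
    ("2024-03-01T10:00:01", "cdn-update-service.com", "198.51.100.23", 60),
    ("2024-03-01T10:05:03", "cdn-update-service.com", "203.0.113.77", 60),
    ("2024-03-01T10:10:02", "cdn-update-service.com", "192.0.2.140", 120),
    ("2024-03-01T10:15:04", "cdn-update-service.com", "198.18.4.9", 60),
    ("2024-03-01T10:20:01", "cdn-update-service.com", "100.64.12.5", 90),
    ("2024-03-01T10:25:00", "cdn-update-service.com", "203.0.113.201", 60),
    # A CDN also rotates answers with low TTLs, but inside its own address block.
    ("2024-03-01T10:00:05", "static.example-cdn.net", "192.0.2.10", 30),
    ("2024-03-01T10:05:06", "static.example-cdn.net", "192.0.2.11", 30),
    ("2024-03-01T10:10:07", "static.example-cdn.net", "192.0.2.12", 30),
    ("2024-03-01T10:15:08", "static.example-cdn.net", "192.0.2.13", 30),
    ("2024-03-01T10:20:09", "static.example-cdn.net", "192.0.2.14", 30),
    # Ordinary host: one stable answer with a long TTL.
    ("2024-03-01T10:00:09", "intranet.company.com", "10.20.30.40", 3600),
    ("2024-03-01T11:00:09", "intranet.company.com", "10.20.30.40", 3600),
]


def slash16(ip):
    """/16 prefix as a cheap proxy for 'different network' (assumption for the
    example); production code would map each answer to its ASN instead."""
    a, b, *_ = ip.split(".")
    return f"{a}.{b}.0.0/16"


def score_fast_flux(log, min_ips=5, max_median_ttl=300, min_networks=3):
    """Return per-domain resolution stats and a fast-flux verdict.
    Thresholds are illustrative assumptions, not Umbrella's tuning."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _ts, domain, ip, ttl in log:
        ips[domain].add(ip)
        ttls[domain].append(ttl)

    results = {}
    for domain, answers in ips.items():
        networks = {slash16(ip) for ip in answers}
        med_ttl = median(ttls[domain])
        flux = (len(answers) >= min_ips
                and med_ttl <= max_median_ttl
                and len(networks) >= min_networks)
        results[domain] = {
            "distinct_ips": len(answers),
            "networks": len(networks),
            "median_ttl": med_ttl,
            "fast_flux": flux,
            "technique": "T1568.001" if flux else None,
        }
    return results


if __name__ == "__main__":
    for domain, stats in score_fast_flux(DNS_LOG).items():
        print(domain, stats)
```

Network diversity is the signal that survives contact with real traffic: the CDN in the sample has just as many answers and lower TTLs than the suspect domain, but every answer sits in one block, so it is not flagged.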

T1001 – Data Obfuscation (FortiSandbox Detection)

FortiSandbox Alert Details Alert ID: FORTI-OBFUSCATION-1001-7842 Alert Time: 2024-03-01 09:30:15 EST Severity: HIGH (88/100) Source: Fortinet FortiSandbox Rule: “XOR-Encrypted Data in Network Traffic” MITRE ATT&CK: T1001.002 – Data Obfuscation: Steganography Alert Details: File Analysis Report: File Name: invoice_7842.pdf.exe (submitted from email quarantine) File Size: 1.8 MB SHA256: a1b2c3d4e5f67890a1b2c3d4e5f67890a1b2c3d4 Source: Email attachment to finance@company.com Submission Time: 09:15 EST Sandbox Behavior …
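Two practical points behind a rule like "XOR-Encrypted Data in Network Traffic": a single-byte XOR key can be brute-forced from the traffic itself, and XOR with a constant does not change byte entropy, so an entropy-only detector cannot tell XOR'd data from the plaintext. (Note also that XOR encoding is not steganography; ATT&CK's T1001.002 covers hiding data inside other content, so the sub-technique mapping in the alert is loose.) The Python below is an added example that is not FortiSandbox's logic or code from the original post: it recovers the key by scoring each of the 256 candidates on printable ratio and known file magic. The sample payload, the key 0x5A and the score threshold are constructed assumptions.

```python
import math
from collections import Counter

# File-format magic bytes that score a decoding candidate highly (assumed set).
MAGIC = [b"MZ", b"PK\x03\x04", b"%PDF", b"\x7fELF", b"\x1f\x8b"]


def shannon_entropy(data):
    """Bits per byte. XOR with a constant permutes byte values, so the histogram,
    and therefore this value, is identical for plaintext and ciphertext."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def printable_fraction(data):
    return sum(1 for b in data if 32 <= b <= 126 or b in (9, 10, 13)) / len(data)


def recover_single_byte_xor(blob, min_score=0.85):
    """Try all 256 single-byte keys; return the best key, its score and the
    decoded head, or None when nothing decodes to plausible content."""
    if not blob:
        return None
    best = None
    for key in range(256):
        cand = xor_bytes(blob, key)
        score = printable_fraction(cand)
        if any(cand.startswith(m) for m in MAGIC):
            score += 1.0  # a recognised header outweighs printable-text noise
        if best is None or score > best[0]:
            best = (score, key, cand)
    score, key, cand = best
    if score < min_score:
        return None
    return {"key": key, "score": round(score, 3), "decoded_head": cand[:16]}


# Constructed sample: a PE-like header plus the DOS stub text, XOR'd with one
# byte, as a sandbox might see it in an outbound POST body.
PLAINTEXT = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" * 4
SAMPLE_KEY = 0x5A
OBSERVED = xor_bytes(PLAINTEXT, SAMPLE_KEY)


if __name__ == "__main__":
    print("entropy plaintext/observed:",
          round(shannon_entropy(PLAINTEXT), 3), round(shannon_entropy(OBSERVED), 3))
    print(recover_single_byte_xor(OBSERVED))
```

Multi-byte keys need a key-length guess (Hamming-distance or autocorrelation) before the same per-position scoring applies; the entropy observation holds for any fixed repeating key as well, which is why sandboxes pair entropy with decoding attempts rather than relying on entropy alone.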

T1102 – Web Service (Zscaler Detection)

Zscaler Alert Details Alert ID: ZSCALER-WEB-SERVICE-1102-7842 Alert Time: 2024-03-01 14:15:33 EST Severity: HIGH (85/100) Source: Zscaler Internet Access (ZIA) Rule: “C2 Communication via Legitimate Web Service – Pastebin” MITRE ATT&CK: T1102.002 – Web Service: Bidirectional Communication Alert Details: Detection: Internal host communicating with Pastebin in anomalous pattern User: alexchen@company.com (Alex Chen, Engineer) Source IP: 192.168.45.78 …

T1584 – Compromise Infrastructure (Oracle Cloud Guard Detection)

Cloud Guard Alert Details Alert ID: OCI-COMPROMISE-INFRA-7842 Alert Time: 2024-02-10 14:30:15 EST Severity: CRITICAL (95/100) Source: Oracle Cloud Guard (OCI Security Platform) Rule: “Unauthorized Crypto Mining Activity Detected” MITRE ATT&CK: T1584 – Compromise Infrastructure Alert Details: Finding: Compromised compute instance performing cryptocurrency mining Instance Details: – Instance Name: dev-build-server-03 – OCID: ocid1.instance.oc1.iad.xxxxxxxxx – Compartment: Development …

T1219 – Remote Access Software (Microsoft Defender Detection)

Microsoft Defender Alert Details Alert ID: MD-REMOTE-ACCESS-1219-7842 Alert Time: 2024-03-01 11:30:22 EST Severity: HIGH (85/100) Source: Microsoft Defender for Endpoint Rule: “Unauthorized Remote Access Software Installed” MITRE ATT&CK: T1219 – Remote Access Software Alert Details: Detection: Unauthorized remote access software (AnyDesk) installed and running Host: FIN-WS-078 (Finance Workstation) User: bturner@company.com (Brian Turner, Accountant) Time: 11:15-11:30 …

T1585 – Establish Accounts (Brand Monitoring Detection)

Brand Monitoring Alert Details Alert ID: BRAND-FAKE-ACCOUNTS-7842 Alert Time: 2024-02-10 09:30:45 EST Severity: MEDIUM (72/100) Source: ZeroFox Brand Protection Platform Rule: “Impersonation Account Detected – Executive Targeting” MITRE ATT&CK: T1585 – Establish Accounts Alert Details: Finding: Fraudulent LinkedIn accounts impersonating company executives Platform: LinkedIn Accounts Detected: 3 Account 1: “Michael Chen” (Impersonating CFO) – Profile …

T1586 – Compromise Accounts (Azure AD Detection)

Azure AD Alert Details Alert ID: AAD-COMPROMISE-ACCT-7842 Alert Time: 2024-02-10 16:45:33 EST Severity: CRITICAL (98/100) Source: Azure AD Identity Protection Rule: “Impossible Travel + Suspicious Inbox Rule” MITRE ATT&CK: T1586 – Compromise Accounts Alert Details: Identity Protection Risk Detection: User: jwilson@company.com (Jennifer Wilson – VP of Finance) Risk Level: HIGH (98%) Detection Time: 2024-02-10 16:30 …
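The rule name combines two independent signals, and the combination is what pushes the risk to CRITICAL: impossible travel (two sign-ins whose distance divided by elapsed time exceeds any plausible speed) and an inbox rule of the kind attackers create to hide their mailbox activity (forward to an external address, delete, or a near-empty name such as "."). The Python below is an added example of that scoring over constructed sign-in and inbox-rule events; it is not Identity Protection's algorithm or code from the original post. The coordinates, timestamps, the bturner comparison user, the 900 km/h speed ceiling and the rule heuristics are assumptions chosen for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


# Constructed sign-in events (not from the original alert):
# user, timestamp (UTC), latitude, longitude, human-readable location.
SIGNINS = [
    ("jwilson@company.com", "2024-02-10T15:40:00", 40.7128, -74.0060, "New York, US"),
    ("jwilson@company.com", "2024-02-10T16:25:00", 6.5244, 3.3792, "Lagos, NG"),
    ("bturner@company.com", "2024-02-10T08:00:00", 40.7128, -74.0060, "New York, US"),
    ("bturner@company.com", "2024-02-10T12:00:00", 42.3601, -71.0589, "Boston, US"),
]

# Constructed inbox-rule audit events (not from the original alert).
INBOX_RULES = [
    {"user": "jwilson@company.com", "created": "2024-02-10T16:31:00", "name": ".",
     "actions": {"forward_to": "jw.finance.backup@gmail.com", "delete": True}},
    {"user": "bturner@company.com", "created": "2024-02-10T09:00:00", "name": "Vendor invoices",
     "actions": {"move_to": "Invoices"}},
]


def impossible_travel(signins, max_speed_kmh=900.0):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_speed_kmh
    (assumed ceiling; commercial flight speed is the usual reference point)."""
    by_user = defaultdict(list)
    for user, ts, lat, lon, place in signins:
        by_user[user].append((datetime.fromisoformat(ts), lat, lon, place))
    findings = []
    for user, events in by_user.items():
        events.sort()
        for (t1, la1, lo1, c1), (t2, la2, lo2, c2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append({"user": user, "from": c1, "to": c2,
                                 "km": round(km), "hours": round(hours, 2),
                                 "kmh": round(speed)})
    return findings


def suspicious_inbox_rule(rule, internal_domain="company.com"):
    """Heuristics for attacker-style mailbox rules (assumed, not Microsoft's):
    external auto-forward, auto-delete, or a name that is blank or a single character."""
    actions = rule["actions"]
    fwd = actions.get("forward_to", "")
    external_forward = bool(fwd) and not fwd.lower().endswith("@" + internal_domain)
    return external_forward or bool(actions.get("delete")) or len(rule["name"].strip()) <= 1


def assess_users(signins, rules, internal_domain="company.com"):
    """Combine both signals into a per-user risk level: HIGH when both fire."""
    travel_users = {f["user"] for f in impossible_travel(signins)}
    users = {s[0] for s in signins} | {r["user"] for r in rules}
    result = {}
    for user in sorted(users):
        bad_rules = [r["name"] for r in rules
                     if r["user"] == user and suspicious_inbox_rule(r, internal_domain)]
        travel = user in travel_users
        risk = "HIGH" if (travel and bad_rules) else "MEDIUM" if (travel or bad_rules) else "LOW"
        result[user] = {"impossible_travel": travel, "suspicious_rules": bad_rules, "risk": risk}
    return result


if __name__ == "__main__":
    for user, verdict in assess_users(SIGNINS, INBOX_RULES).items():
        print(user, verdict)
```

Either signal alone produces false positives (VPN egress changes look like travel; legitimate forwarding rules exist). The inbox rule created minutes after the anomalous sign-in is the corroboration that justifies treating the account as compromised and, in response, revoking sessions and removing the rule rather than only prompting for MFA.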

T1587 – Develop Capabilities (Threat Intelligence Detection)

Threat Intelligence Alert Details Alert ID: TI-CAPABILITY-DEV-7842 Alert Time: 2024-02-10 08:15:22 EST Severity: MEDIUM (68/100) Source: Recorded Future Threat Intelligence Rule: “New Malware Targeting Industry Sector” MITRE ATT&CK: T1587 – Develop Capabilities Alert Details: Threat Intelligence Finding: New malware variant under development targeting our industry Source: Underground Russian Forum “exploit[.]in” Post Date: 2024-02-09 Thread: “Developing …