Posts for: #Malware Analysis

LetsDefend SOC138 – Suspicious XLS Malware Analysis

Alert Name: SOC138 – Detected Suspicious Xls File
Severity: High
Event ID: 77
Event Time: Mar 13, 2021, 08:20 PM
Category: Malware

Play Book

1. Alert Overview

A high-risk malware alert was triggered by the detection of a suspicious macro-enabled Excel file (.xlsm) on the host Sofia. Macro-enabled Excel documents are commonly abused to deliver malware via embedded VBA code that downloads and executes malicious payloads. The file was allowed by the security device, increasing the potential risk of system compromise.

LetsDefend SOC336 – Windows OLE Zero-Click RCE (CVE-2025-21298) Analysis

Alert Name: SOC336 – Windows OLE Zero-Click RCE Exploitation Detected
Severity: Critical
Event ID: 314
Event Time: Feb 04, 2025, 04:18 PM
Category: Malware

Base Information

Field: Value
Severity: Critical
Event ID: 314
Event Time: Feb 04, 2025, 04:18 PM
Rule Name: SOC336 – Windows OLE Zero-Click RCE Exploitation Detected
CVE: CVE-2025-21298
Analyst Level: Security Analyst
Source IP / SMTP Address: 84.38.130.118
Sender Email: projectmanagement@pm.me
Recipient Email: Austin@letsdefend.io
Email Subject: Important: Action Required for Upcoming Project Deadline
Attachment Name: mail.