Alert Name: SOC138 – Detected Suspicious Xls File
Severity: High
Event ID: 77
Event Time: Mar 13, 2021, 08:20 PM
Category: Malware
Play Book
1. Alert Overview
A high-risk malware alert was triggered because a suspicious macro-enabled Excel file (.xlsm) was detected on the host Sofia. Macro-enabled Excel documents are commonly abused to deliver malware: embedded VBA code runs once the user opens the document and enables macros, then downloads and executes a malicious payload.
The security device allowed the file rather than blocking it, so the file reached the host and the likelihood of compromise is higher than it would be for a blocked file.
Alert Name: SOC336 – Windows OLE Zero-Click RCE Exploitation Detected
Severity: Critical
Event ID: 314
Event Time: Feb 04, 2025, 04:18 PM
Category: Malware
Base Information
Severity: Critical
Event ID: 314
Event Time: Feb 04, 2025, 04:18 PM
Rule Name: SOC336 – Windows OLE Zero-Click RCE Exploitation Detected
CVE: CVE-2025-21298
Analyst Level: Security Analyst
Source IP / SMTP Address: 84.38.130.118
Sender Email: projectmanagement@pm.me
Recipient Email: Austin@letsdefend.io
Email Subject: Important: Action Required for Upcoming Project Deadline
Attachment Name: mail.