SOC205 Case Study: Malicious Macro Execution via Phishing Invoice
Alert Name: SOC205 – Malicious Macro has been executed
Severity: High
Event ID: 231
Event Time: Feb 28, 2024 – 08:42 AM
Category: Malware
Platform: LetsDefend SOC
Executive Summary (Management / Business)
On February 28, 2024, a user received a malicious email that appeared to contain a legitimate invoice document. When the user opened the attachment, hidden malicious code inside the document was automatically executed.
This hidden code attempted to connect to an external system controlled by an attacker and download additional harmful software.