Posts for: #Malware

SOC205 Case Study: Malicious Macro Execution via Phishing Invoice

Alert Name: SOC205 – Malicious Macro has been executed
Severity: High
Event ID: 231
Event Time: Feb 28, 2024 – 08:42 AM
Category: Malware
Platform: LetsDefend SOC

Executive Summary (Management / Business)

On February 28, 2024, a user received a malicious email that appeared to contain a legitimate invoice document. When the user opened the attachment, hidden malicious code inside the document was automatically executed. This hidden code attempted to connect to an external system controlled by an attacker and download additional harmful software.

LetsDefend SOC138 – Suspicious XLS Malware Analysis

Alert Name: SOC138 – Detected Suspicious Xls File
Severity: High
Event ID: 77
Event Time: Mar 13, 2021, 08:20 PM
Category: Malware

Play Book

1. Alert Overview

A high-risk malware alert was triggered due to the detection of a suspicious Excel macro-enabled file (.xlsm) on the host Sofia. Macro-enabled Excel documents are commonly abused to deliver malware via embedded VBA code that downloads and executes malicious payloads. The file was allowed by the security device, increasing the potential risk of system compromise.

GothamLegend Incident Response – PowerShell Malware Analysis

Scenario

Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. The damage caused was critical and resulted in business-wide disruption. GothamLegend had to reach out to a third-party incident response team to assist with the investigation. You are a member of the IR team - all you have is an encoded PowerShell script. Can you decode it and identify what malware is responsible for this attack?