Posts for: #Phishing

SOC326 Case Study: Impersonating Domain MX Record Change Leading to Active Phishing Campaign

Event ID: 304
Rule Name: SOC326 – Impersonating Domain MX Record Change Detected
Severity: HIGH
Category: Brand Protection / Phishing
Event Time: September 17, 2024 – 12:05 PM
Impacted Asset: LETSDEFEND

Background

Sometimes attackers don’t kick the door down — they quietly make a copy of your house key first. In this case, the threat actor registered a look-alike domain and configured email infrastructure before launching a phishing campaign. What initially appeared to be an early warning quickly escalated into active exploitation, resulting in a user clicking a malicious link and communicating with attacker-controlled infrastructure.

SOC205 Case Study: Malicious Macro Execution via Phishing Invoice

Alert Name: SOC205 – Malicious Macro has been executed
Severity: High
Event ID: 231
Event Time: Feb 28, 2024 – 08:42 AM
Category: Malware
Platform: LetsDefend SOC

Executive Summary (Management / Business)

On February 28, 2024, a user received a malicious email that appeared to contain a legitimate invoice document. When the user opened the attachment, hidden malicious code inside the document was automatically executed. This hidden code attempted to connect to an external system controlled by an attacker and download additional harmful software.