Investigating a threat intelligence alert after an endpoint connected to a known malicious domain, correlating firewall logs to a macro-enabled Excel file execution, validating the malware through VirusTotal, and initiating containment following confirmed C2 communication.
Investigating a suspicious Excel macro alert after a malicious XLSM file executed on an endpoint, validating malware through VirusTotal and Hybrid Analysis, correlating outbound encrypted traffic to a confirmed C2 server, and initiating containment following confirmed compromise.
Investigating a malicious email attachment, validating malware in VirusTotal, identifying C2 communication in logs, deleting the phishing email, and initiating endpoint containment.
Investigating a malware detection alert, analyzing a phishing email with malicious Excel attachment, validating indicators in VirusTotal, confirming C2 communication, and initiating endpoint containment.
Analyzing malicious Office documents exploiting MSHTML (CVE-2021-40444), using oletools to extract indicators, identify malicious domains and IPs, and investigate document-based exploitation.
Analyzing a malicious Excel 4.0 (XLM) macro document using XLMMacroDeobfuscator and oletools to identify process execution, regsvr32 abuse, and DLL payload behavior.
Analyzing a malicious Word document using VirusTotal to identify RTF exploit behavior, CVE-2017-11882 abuse, payload delivery, and network communication.
Analyzing a malicious XLS file using VirusTotal to identify detection signatures, dropped files, spyware download URLs, and file intelligence indicators.
Analyzing a malicious VBA macro document, decoding obfuscated hex strings, identifying payload delivery, and investigating HTTP communication and WMI execution techniques.
Investigating a deceptive email alert, analyzing a malicious ZIP attachment in VirusTotal, identifying C2 communication, correlating SIEM logs, and initiating endpoint containment.
Investigating a true positive malware detection alert, validating Avaddon ransomware via VirusTotal and Hybrid Analysis, identifying EDR removal, and initiating endpoint containment from a SOC analyst perspective.
Investigating an Emotet malware detection alert, validating the hash in VirusTotal, reviewing SIEM and endpoint logs, and confirming a true positive successfully quarantined by EDR.
Investigating a malware detection alert, confirming Maze ransomware via VirusTotal and Hybrid Analysis, identifying C2 communication, and initiating containment.
