Investigating a malicious DOCM download attempt, validating the file hash via VirusTotal, confirming no execution or C2 communication occurred, and verifying the threat was successfully blocked before impact.
Investigating a threat intelligence alert after an endpoint connected to a known malicious domain, correlating firewall logs to a macro-enabled Excel file execution, validating the malware through VirusTotal, and initiating containment following confirmed C2 communication.
Investigating a suspicious Excel macro alert after a malicious XLSM file executed on an endpoint, validating malware through VirusTotal and Hybrid Analysis, correlating outbound encrypted traffic to a confirmed C2 server, and initiating containment following confirmed compromise.
Analyzing a malicious VBA macro document, decoding obfuscated hex strings, identifying payload delivery, and investigating HTTP communication and WMI execution techniques.
