Date
October 30, 2024
Location
ENB 216
Tags
Advanced Meeting, Blue Team Topics
Meeting Content
IOCs and artifacts to investigate:
Network administrator making SMB connections from 10.13.234.13 to 10.13.243.9
Account lockout sourcing from IP 176.111.174[dot]131
File hash 20aeb22457a14a29f5ab54b61db56759d492a72b0dc7a55575914e89bedaf177 seen in C:\Users\JDawg\Downloads\WLoader, parent process is [wscript.exe]
Host alerted for critical malware detection, 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aa