Decrypt LOL


Security Operations Center Investigates Malicious Download Incident


🦠 Security Operations Center Responds to Malicious Download Incident. A report was received that a coworker had downloaded a suspicious file while searching for Google Authenticator, prompting an investigation by the Security Operations Center (SOC). Analysis of the packet capture (pcap) revealed an infection traced to a malicious advertisement (malvertising), a finding corroborated by social media posts. The affected LAN segment uses the domain bluemoontuesday.com. The SOC is tasked with compiling an incident report covering the infected Windows client's IP address, MAC address, host name and user account name, the likely domain of the fake Google Authenticator page, and the IP addresses of the command and control (C2) servers involved.
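The fields the report asks for are the ones a first pass over the pcap usually yields before any tool-specific filtering: the client's IP and MAC come from the Ethernet/IPv4 headers of its own traffic, the host name from its NetBIOS Name Service (NBNS) registration, the candidate phishing domain from the DNS query timeline, and C2 candidates from outbound TCP connections to addresses outside the LAN. The following is an added example, not code from the newsletter or from the SOC it describes; it is stdlib-only and operates on a capture it constructs in memory, so every value in it (the 10.4.24.0/24 LAN, the host name DESKTOP-DEMO, the domain authenticator-download.example, the external address 203.0.113.77) is an assumption chosen from documentation ranges, not data from the real incident. It does not recover the user account name, which comes from Kerberos AS-REQ or SMB session setup traffic and needs an ASN.1 parser, and it leaves the "likely" fake page domain to the analyst reading the DNS timeline.

```python
"""Added example: minimal stdlib pcap triage for the report fields listed above.
All packets and addresses are constructed (assumptions), not taken from the incident."""
import struct
from ipaddress import ip_address, ip_network

LAN = ip_network("10.4.24.0/24")                  # assumed LAN segment
CLIENT_MAC = bytes.fromhex("001122334455")        # constructed client MAC
CLIENT_IP = "10.4.24.101"                         # constructed client IP
GATEWAY_MAC = bytes.fromhex("66778899aabb")
DNS_SERVER = "10.4.24.4"

# ---- builders for the constructed capture ---------------------------------
def _frame(src_mac, src_ip, dst_ip, proto, l4, dst_mac=GATEWAY_MAC):
    """Ethernet + IPv4 wrapper; checksums are left zero, the parser never checks them."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                         ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return dst_mac + src_mac + b"\x08\x00" + ip_hdr + l4

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 64240, 0, 0)

def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _nbns_registration(host):
    # NetBIOS first-level encoding: name padded to 15 chars + suffix byte, each nibble -> 'A'..'P'.
    raw = host.upper().ljust(15).encode() + b"\x00"
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    question = b"\x20" + enc + b"\x00" + struct.pack("!HH", 0x20, 1)
    return struct.pack("!HHHHHH", 0x8001, 0x2910, 1, 0, 0, 0) + question  # additional RR omitted

def build_sample_pcap():
    """Constructed capture: NBNS registration, two DNS lookups, then a SYN to an external host."""
    pkts = [
        _frame(CLIENT_MAC, CLIENT_IP, "10.4.24.255", 17,
               _udp(137, 137, _nbns_registration("DESKTOP-DEMO")), dst_mac=b"\xff" * 6),
        _frame(CLIENT_MAC, CLIENT_IP, DNS_SERVER, 17, _udp(51000, 53, _dns_query("www.google.com"))),
        _frame(CLIENT_MAC, CLIENT_IP, DNS_SERVER, 17,
               _udp(51001, 53, _dns_query("authenticator-download.example"))),
        _frame(CLIENT_MAC, CLIENT_IP, "203.0.113.77", 6, _tcp_syn(52000, 443)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap, Ethernet
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p
    return out

# ---- parser ----------------------------------------------------------------
def iter_packets(pcap):
    """Yield link-layer frames from a little-endian classic pcap (not pcapng)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    assert magic == 0xA1B2C3D4, "only little-endian classic pcap is handled here"
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl]
        off += incl

def _labels(buf, off):
    """Decode an uncompressed DNS name starting at buf[off]."""
    parts = []
    while buf[off]:
        n = buf[off]
        parts.append(buf[off + 1:off + 1 + n])
        off += 1 + n
    return b".".join(parts).decode(errors="replace")

def _nbns_decode(encoded):
    raw = bytes(((a - 0x41) << 4) | (b - 0x41) for a, b in zip(encoded[::2], encoded[1::2]))
    return raw[:15].decode(errors="replace").rstrip()  # drop the 16th (suffix) byte

def triage(pcap):
    """Collect per-host MAC/hostname, the DNS query timeline and outbound SYNs to non-LAN hosts."""
    report = {"hosts": {}, "dns_queries": [], "external_syns": []}
    for frame in iter_packets(pcap):
        if frame[12:14] != b"\x08\x00":          # IPv4 only
            continue
        src_mac = ":".join(f"{x:02x}" for x in frame[6:12])
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto, src, dst = ip[9], str(ip_address(ip[12:16])), str(ip_address(ip[16:20]))
        if ip_address(src) in LAN:
            report["hosts"].setdefault(src, {"mac": src_mac})
        l4 = ip[ihl:]
        if proto == 17:                           # UDP: DNS queries and NBNS registrations
            _, dport = struct.unpack_from("!HH", l4, 0)
            payload = l4[8:]
            if dport == 53:
                report["dns_queries"].append((src, _labels(payload, 12)))
            elif dport == 137 and payload[12] == 0x20:
                report["hosts"][src]["hostname"] = _nbns_decode(payload[13:45])
        elif proto == 6:                          # TCP: SYN (no ACK) leaving the LAN
            _, dport = struct.unpack_from("!HH", l4, 0)
            if (l4[13] & 0x12) == 0x02 and ip_address(dst) not in LAN:
                report["external_syns"].append((src, dst, dport))
    return report

if __name__ == "__main__":
    r = triage(build_sample_pcap())
    for ip, host in r["hosts"].items():
        print(ip, host)
    print("DNS timeline:", [q for _, q in r["dns_queries"]])
    print("external SYNs:", r["external_syns"])
```

For a real capture, replace `build_sample_pcap()` with the file's bytes and widen `LAN` to the segment in the report; pcapng files and 802.1Q-tagged frames would need small additions to `iter_packets` and the Ethertype check. The DNS timeline is the piece that answers "likely domain for the fake page": the lookup that immediately precedes the download, not any lookup in isolation.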
