Score: 60%
Playbook Success Rate: 40%
Investigation Time
SOC Alert Details
SEVERITY | DATE | RULE NAME | EVENTID | TYPE
---|---|---|---|---
Medium | Dec 27, 2023, 11:22 AM | SOC250 - APT35 HyperScrape Data Exfiltration Tool Detected | 212 | Data Leakage

Hint: As of August 2022, APT35 (aka Charming Kitten) was observed using a new tool called Hyperscrape to extract emails from their victims' mailboxes.

EventID: 212
Event Time: Dec 27, 2023, 11:22 AM
Rule: SOC250 - APT35 HyperScrape Data Exfiltration Tool Detected
Level: Security Analyst
Hostname: Arthur
IP Address: 172.16.17.72
Process Name: EmailDownloader.exe
Process Path: C:\Users\LetsDefend\Downloads\EmailDownloader.exe
Parent Process: C:\Windows\Explorer.EXE
Command Line: C:\Users\LetsDefend\Downloads\EmailDownloader.exe
File Hash: cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa
Trigger Reason: Unusual or suspicious patterns of behavior linked to the hash have been identified, indicating potential malicious intent.
Device Action: Allowed
Playbook Answers
Question: Containment
User answer: Yes

Question: Determine the Scope
User answer: Yes
Correct Answer: No

Question: IP Reputation Check
User answer: No
Correct Answer: Yes

Question: Attacker IP Analysis
User answer: External

Question: Determine the Type of Reconnaissance
User answer: Gather Victim Network Information
Correct Answer: Gather Victim Identity Information
Playbook Note
Empty! You should explain why you closed the alarm this way.
Alert Answers
Question: Is this alert True Positive or False Positive?
User answer:
Alert Note
Empty! You should explain why you closed the alarm this way.