活動 - 02_資安事件及異常紀錄 - MIS部門作業管理平台

活動

起 2024-02-16 迄 2024-02-25

10:20 非法入侵 #687 (Closed-關閉): TAHOERP: Description
User hashes from SAM hive accessed
Command line
"C:\Program Files\Cybereason ActiveProbe\minionhost.... Joy Liao
10:19 非法入侵 #686 (Rejected-拒绝): DAVID-THINK: Description
A process attempted to modify Falcon sensor related service binaries. This is indicative of an attempt t... Joy Liao
10:18 非法入侵 #685 (Closed-關閉): TPHOLAP340(net.exe): Description
A process appears to be accessing credentials and might be dumping passwords. If this is unexpected, rev... Joy Liao
10:17 非法入侵 #684 (Closed-關閉): ULPU-WG-PC-0019: Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ... Joy Liao
10:16 非法入侵 #683 (Closed-關閉): TPHQ6WKS324: Description
A suspicious process injected into another process in an unusual way. Investigate the process trees for ... Joy Liao
10:15 非法入侵 #682 (Closed-關閉): ULPU-WG-PC-0019: Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ... Joy Liao

匯出至 Atom