Activity

From 2024-02-17 to 2024-02-26

2024-02-26

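17:39 Unauthorized intrusion #473 (In process): user-pc(rom boot.img.exe)
Investigation suggests this is a personal device belonging to 朱總 of 達清.
It may have been brought to the office in November and logged in to with a company account, which led to the related program being installed and the device being detected.
This device should have since been reinstalled.
It has not appeared on the anomaly list again recently.
益利 周
17:31 Unauthorized intrusion #683 (In process): TPHQ6WKS324
葉虹妤's PC
This power management program has been removed.
益利 周
16:36 Unauthorized intrusion #687 (Resolved): TAHOERP
Remove Cybereason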
!clipboard-202402261635-iu8k8.png!
益利 周
16:09 Unauthorized intrusion #686 (In process): DAVID-THINK
This device belongs to Veolia; we plan to forward it to that unit for handling.
!clipboard-202402261605-nw6o2.png!
益利 周

2024-02-19

10:20 Unauthorized intrusion #687 (Closed): TAHOERP
Description
User hashes from SAM hive accessed
Command line
"C:\Program Files\Cybereason ActiveProbe\minionhost....
Joy Liao
10:19 Unauthorized intrusion #686 (Rejected): DAVID-THINK
Description
A process attempted to modify Falcon sensor related service binaries. This is indicative of an attempt t...
Joy Liao
10:18 Unauthorized intrusion #685 (Closed): TPHOLAP340(net.exe)
Description
A process appears to be accessing credentials and might be dumping passwords. If this is unexpected, rev...
Joy Liao
10:17 Unauthorized intrusion #684 (Closed): ULPU-WG-PC-0019
Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ...
Joy Liao
10:16 Unauthorized intrusion #683 (Closed): TPHQ6WKS324
Description
A suspicious process injected into another process in an unusual way. Investigate the process trees for ...
Joy Liao
10:15 Unauthorized intrusion #682 (Closed): ULPU-WG-PC-0019
Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ...
Joy Liao
 
