Open Investigations

Attempted authentication to honey user account anakin on asset ws-hq-anakin.cloudcity.lab
A user from the IP address 10.0.2.10 attempted to authenticate to 3 assets with local account rapid7
A user from the IP address 10.0.2.10 attempted to authenticate to 3 assets with local account administrator
ET MALWARE Comfoo Outbound Communication
Threat Command - Company sensitive data leaked
Threat Command - Company phishing website
Threat Command - A negative use of the company's name was found
Threat Command - Suspicious company executive social media profile
Threat Command - Details of a company active credit card were leaked
Threat Command - Suspected phishing domain
Threat Command - Indication of scam or attack
Threat Command - A hacking tool targeting the company
Threat Command - Company employee credentials leaked from a 3rd party service
Threat Command - Suspected phishing domain
Suspicious Process - Volume Shadow Service Delete Shadow Copies
Attacker Tool - Invoke-Inveigh PowerShell Function