The SOC received a tip regarding suspicious activity on the domain. A user, Dan, is concerned about a series of events that transpired while screening a candidate for a new position. Dan claims that the candidate attempted to send his resume via email, but was unsuccessful. When Dan received the resume (ResumeJan24.zip), it was in a non-standard format that would not open on his computer. The candidate ceased communication with Dan shortly after coaching him on how to open the file.
The events in your SIEM can be found in the following timespan: 5 January 2024 - 7 January 2024.
/mo
Explore realistic pre-recorded attacks
Master full-featured defensive platforms
Browser-based challenges and modules
Extended attack videos
Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.
/mo
Instant fully interactive labs
Hands-on prevention and detection
Master offensive techniques
Security engineering exercises
Highly realistic and dynamic scenarios
Access to all Analyst-level content
Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.