Malicious Blog URL in Alert #11379

anomalies324 · 2024-11-05T20:19:39Z

the rule "Detecting Macro Invoking ShellBrowserWindow COM Objects" contains a malicious URL posing as a blog subsequent requests to the URL also redirect to a scam advertising site indicating some type of redirection manipulation to try and stop security research.

Malicious URL - https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking[.]html

Alert URL - https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml

v-rusraut · 2024-11-08T05:29:23Z

Hi @anomalies324 , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

v-sudkharat · 2024-11-12T10:16:35Z

@v-visodadasi, look into this issue.

v-sudkharat assigned v-sudkharat and v-rusraut Nov 6, 2024

v-sudkharat added the Analytic Rules label Nov 6, 2024

v-sudkharat assigned v-visodadasi Nov 12, 2024

v-visodadasi linked a pull request Nov 18, 2024 that will close this issue

Removed the broken URL in Endpoint Threat Protection Essentials #11440

Merged

v-prasadboke closed this as completed in #11440 Nov 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Malicious Blog URL in Alert #11379

Malicious Blog URL in Alert #11379

anomalies324 commented Nov 5, 2024

v-rusraut commented Nov 8, 2024

v-sudkharat commented Nov 12, 2024

Malicious Blog URL in Alert #11379

Malicious Blog URL in Alert #11379

Comments

anomalies324 commented Nov 5, 2024

v-rusraut commented Nov 8, 2024

v-sudkharat commented Nov 12, 2024