Cyber Teams A-D-E
Please choose team:
Team A
Action:
no user action
+Items:
no required items
Text:
A local company's website is found defaced. IT staff conducted initial analysis and found suspicious files on the web server. Received: "Normal Webpage" and "Defaced Webpage".
New Items:
1) Complainant Report
2) Victimized Company
3) Incident Response Protocol
Action:
25) Quarantined Malware
+Items:
2) Victimized Company
3) Incident Response Protocol
Text:
??? Action 25
New items:
6) Malware - Keylogger
Action:
33) Digital Image / Artifacts
+Items:
6) Malware - Keylogger
Text:
Backdoor Connection to 111.122.133.144
New items:
7) Live Connection: 111.122.133.144
Action:
17) Domain Tools
+Items:
7) Live Connection: 111.122.133.144
1 more item...
Action:
34) Network Examination
+Items:
7) Live Connection: 111.122.133.144
1 more item...
Action:
24) System Log
+Items:
2) Victimized Company
3) Incident Response Protocol
Text:
??? Action 24
New items:
4) Access Log
5) Firewall Log
Action:
12) Log Analysis
+Items:
4) Access Log
Text:
??? Action 12.1
New items:
no new items
Action:
12) Log Analysis
+Items:
5) Firewall Log
Text:
??? Action 12.2
New items:
no new items
Action:
26) Network Diagram
+Items:
2) Victimized Company
Text:
Please wait, need to do some digging…
New items:
no new items
Team B
https://coggle.it/diagram/XhH_I2j7x45BvDpu/t/cyber-story-1/cbece6ecaf7c93e95a3cc41766f94632aa27afc83a2b7a67ac572a1b765dc5cf
Team C
Action:
no user action
+Items:
no required items
Team D
Action:
no user action
+Items:
no required items
Text:
Cyber Patrol found that someone in a forum is selling dangerous drugs
New Items:
1) Intelligence Report
2) Forum
3) Post
Action:
36) Social Media Platforms
+Items:
3) Post
Text:
Some posts contain a URL that looks like a dark web address.
For the security of the community, it is suggested to perform a controlled-buy operation.
A security risk assessment was performed and the result is below the risk threshold.
New Items:
4) Post Content Analysis Result
5) Darkweb Forum
Action:
35) Deep Web
+Items:
5) Darkweb Forum
Text:
??? Action 35.1
New Items:
6) Deep Web Research Result
7) Bitcoin address
Action:
31) Bitcoin Fundflow Analysis
+Items:
7) Bitcoin address
1 more item...
Team E
Action:
no user action
+Items:
no required items
Text:
Cyber Patrol found that someone in a forum is selling suspicious firearms
New Items:
1) Intelligence Report
2) Forum
3) Post
Action:
36) Social Media Platforms
+Items:
3) Post
Text:
??? Action 36
New Items:
4) Post Content Analysis Result
5) Domain Record "yellowrain.net"
Action:
17) Domain Tools
+Items:
5) Domain Record "yellowrain.net"
Text:
??? Action 17.5
New Items:
6) Domain Record of "hongyellow@abc.com"
7) Domain Record "abc.com"
Action:
17) Domain Tools
+Items:
7) Domain Record "abc.com"
1 more item...
Action:
17) Domain Tools
+Items:
7) Domain Record "abc.com"
2) Forum
1 more item...
Action:
no user action
+Items:
7) Domain Record "abc.com"
4) Post Content Analysis Result
1 more item...