all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

unexpected mapi32.dll access

Add to bookmarks
March 29, 2023, 5:11 p.m. | /u/Beef_Studpile

Computer Forensics www.reddit.com

We recently started shipping all of our EDR data to our SIEM, and we started getting alerts to 'possible emotet' activity.

The alert specifically looks for non-outlook processes loading mapi32.dll. Simple, but has never been triggered because we didn't have process data in the SIEM yet.

I was able to find a [good resource](https://www.seqrite.com/documents/en/white-papers/Whitepaper_HowToPM.pdf) describing how emotet uses mapi32.dll to scrape local email data

\-------

Upon shipping the data, we immediately had this rule trigger hundreds of times. Which can …

access acrobat alert alerts computerforensics data dll edr emotet excel false positive non outlook process processes question shipping siem simple trigger

Visit resource

More from www.reddit.com / Computer Forensics

How do you create a hard disk image without Hardware write blocker? 15 hours ago | www.reddit.com
advice anonymity blocker bore +13
Existing IT experience - how to move into Forensics? 1 day, 11 hours ago | www.reddit.com
adhd back burnout computerforensics +13
How do I get started in computer forensics as a computer science student? 2 days ago | www.reddit.com
can computer computer forensics computerforensics +13
Is public computer forensics dying? 2 days, 9 hours ago | www.reddit.com
check collections computer computer forensics +11
Is it better to get a associates in criminal justice and then a bachelors in … 3 days, 6 hours ago | www.reddit.com
computerforensics criminal cybersecurity enforcement +7
Horus v1.2.1 Released! (An OSINT / digital forensics tool built in Python - formerly 'Sentinel') 5 days, 4 hours ago | www.reddit.com
1.2.1 api assistance computerforensics +16
Any recommendations for textbooks I can read to get an introduction to digital forensics? 1 week, 1 day ago | www.reddit.com
books can cissp computerforensics +10
Software Recommendations 1 week, 2 days ago | www.reddit.com
aim appointments cellebrite clients +19
Interesting argument in Qualification and Forensics tools 1 week, 3 days ago | www.reddit.com
argument computerforensics forensics forensics tools +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Regional Leader, Cyber Crisis Communications

@ Google | United Kingdom
View on infosec-jobs.com

Regional Intelligence Manager, Compliance, Safety and Risk Management

@ Google | London, UK
View on infosec-jobs.com

Senior Analyst, Endpoint Security

@ Scotiabank | Toronto, ON, CA, M1K5L1
View on infosec-jobs.com

Software Engineer, Security/Privacy, Google Cloud

@ Google | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Security Engineer

@ Coinbase | Remote - USA
View on infosec-jobs.com
View more jobs