naman-tare/Malware-Analysis-Kaspersky-Incident

Stars: 0 | Forks: 0

# 🛡️ Malware Analysis Report – Kaspersky Detection

## 📌 Incident Details

- Client: Somaiya Vidyavihar
- Incident ID: #SOC2024-001
- Date: 21/12/2024
- Alert Time: 13:44 IST
- Severity: High

## ⚠️ Description

Kaspersky detected multiple malware events across several hosts. Event IDs observed: `GNRL_EV_OBJECT_CURED`, `GNRL_EV_OBJECT_DELETED`, `GNRL_EV_VIRUS_FOUND`, `GNRL_EV_OBJECT_NOTCURED`. Malicious objects included *HackTool.Win32.KMSAuto*, *Adware*, and *RemoteAdmin.Win32.RemoteUtilities*.

## 🔍 Findings

- Multiple malicious hashes identified (verified via VirusTotal).
- Attack vectors: phishing emails, compromised websites, vulnerable software, RDP exploitation, stolen credentials.
- Risks: data theft, exfiltration, backdoors, botnets.

## 🛠 Containment

- Isolated infected systems.
- Restricted removable media usage.
- Enforced least privilege (standard user accounts).

## ✅ Mitigation

- Full network scan via Kaspersky Security Center.
- Applied latest patches and updates.
- User awareness training on phishing and suspicious downloads.

## 📂 Files in Repo

- `1. Kaspersky Malware Detected event.txt` → Technical event log
- `Kaspersky malware detected.pptx` → Incident presentation

## 👨‍💻 Author

Naman Tare  
SOC Analyst | Malware Detection | Incident Response  
[LinkedIn Profile](https://www.linkedin.com/in/naman-tare-2660b416a)
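As an added triage example (not code from this repository), the script below parses a constructed Kaspersky event export and sorts hosts by the event IDs listed under Description: a host with a `GNRL_EV_OBJECT_NOTCURED` event (object detected but not disinfected) is flagged for isolation, a detection with no cured/deleted follow-up is left pending, and the rest count as resolved. The `timestamp | host | event id | object` layout, hostnames and timestamps are assumptions for this example; the real export in `1. Kaspersky Malware Detected event.txt` may use different columns.

```python
import re
from collections import defaultdict

# Constructed sample export in an assumed "timestamp | host | event id | object" layout;
# the real Kaspersky Security Center export may use different columns (adjust LINE_RE).
SAMPLE_EVENTS = """\
2024-12-21 13:44:02 | LAB-PC-07 | GNRL_EV_VIRUS_FOUND     | HackTool.Win32.KMSAuto
2024-12-21 13:44:03 | LAB-PC-07 | GNRL_EV_OBJECT_DELETED  | HackTool.Win32.KMSAuto
2024-12-21 13:45:10 | LAB-PC-12 | GNRL_EV_VIRUS_FOUND     | RemoteAdmin.Win32.RemoteUtilities
2024-12-21 13:45:11 | LAB-PC-12 | GNRL_EV_OBJECT_NOTCURED | RemoteAdmin.Win32.RemoteUtilities
2024-12-21 13:46:30 | LAB-PC-03 | GNRL_EV_VIRUS_FOUND     | not-a-virus:AdWare.Win32.Sample
2024-12-21 13:46:31 | LAB-PC-03 | GNRL_EV_OBJECT_CURED    | not-a-virus:AdWare.Win32.Sample
2024-12-21 13:47:05 | LAB-PC-09 | GNRL_EV_VIRUS_FOUND     | HackTool.Win32.KMSAuto
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*\|\s*(?P<host>[^|]+?)\s*\|"
    r"\s*(?P<event>GNRL_EV_\w+)\s*\|\s*(?P<obj>.+?)\s*$"
)
RESOLVED = {"GNRL_EV_OBJECT_CURED", "GNRL_EV_OBJECT_DELETED"}  # object neutralised
UNRESOLVED = {"GNRL_EV_OBJECT_NOTCURED"}                        # object still present

def parse_events(text):
    """Return (timestamp, host, event_id, object) tuples; malformed lines are dropped."""
    return [
        (m["ts"], m["host"], m["event"], m["obj"])
        for m in map(LINE_RE.match, text.splitlines()) if m
    ]

def triage_hosts(events):
    """Per host: 'isolate' if anything was left uncured, 'pending' if a detection
    has no terminal event yet, otherwise 'resolved'."""
    found, resolved, unresolved = defaultdict(set), defaultdict(set), defaultdict(set)
    for _, host, event, obj in events:
        if event == "GNRL_EV_VIRUS_FOUND":
            found[host].add(obj)
        elif event in RESOLVED:
            resolved[host].add(obj)
        elif event in UNRESOLVED:
            unresolved[host].add(obj)
    verdict = {}
    for host in set(found) | set(resolved) | set(unresolved):
        if unresolved[host]:                # NOTCURED overrides any earlier cure/delete
            verdict[host] = "isolate"
        elif found[host] - resolved[host]:  # detected but never cured or deleted
            verdict[host] = "pending"
        else:
            verdict[host] = "resolved"
    return verdict
```

Running `triage_hosts(parse_events(SAMPLE_EVENTS))` on the constructed data flags LAB-PC-12 for isolation and leaves LAB-PC-09 pending, which is the short list a SOC analyst would act on first.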