#SplunkLiveLDN: Defeating a Phishing Attack in 100 Minutes

“By 11.55am, the response team confirmed that the email contained an XML script with embedded objects that had evaded our anti-malware and sandboxing controls; the team also confirmed that attempts had been made to connect to a server in Brazil,” he said. By 12.17pm, Splunk log analysis showed that one user had opened the malicious attachment, that the attempted connection to the Brazilian server had been blocked by a web proxy, and that no second-stage attack had taken place.

Read full news article on Infosecurity

 

