Blue Team, Incident Response

SOC146 LetsDefend Walkthrough: Phishing Mail Detected — Excel 4.0 Macros

A full SOC analyst walkthrough of LetsDefend alert SOC146: a phishing email delivering Excel 4.0 (XLM) macros, DLL loading via regsvr32, and confirmed C2 beaconing. MITRE ATT&CK mapped, verdict explained.