Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:56:28 UTC

Credential Stuffing Attempt

Informational Resolved
ALR-00033 · 2026-04-06T18:16:45Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Dark Web Monitor.

Alert Metadata

Alert ID: ALR-00033
Timestamp: 2026-04-06T18:16:45Z
Severity: Informational
Status: Resolved
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-MAC-005
User Account: f.hall
Source IP: 45.252.148.30
Destination IP: 10.1.188.221
Origin Country: KP North Korea

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.004
Reference: attack.mitre.org/techniques/T1110.004

Investigation Timeline

18:16:45 Event ingested by SOC365 Engine
18:16:47 EmilyAI triage started — correlation enrichment
18:16:51 EmilyAI confidence: 86% — escalated to human analyst
18:17:19 Alert assigned to analyst: EmilyAI (auto)
18:18:32 Investigation started — querying SIEM and threat intelligence
18:25:41 Containment action taken — endpoint isolated
18:31:58 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity  Status         Host
ALR-00031  1h ago   Kerberoasting Attempt          Medium    Open           WS-MAC-005
ALR-00346  11h ago  C2 Beacon Activity             Critical  Investigating  WS-MAC-005
ALR-00257  11h ago  Credential Stuffing Attempt    Medium    Resolved       WS-LAP-012
ALR-00352  12h ago  DecoyPulse Honeypot Triggered  Medium    Open           WS-MAC-005
ALR-00142  23h ago  Credential Stuffing Attempt    Medium    Open           VM-DEV-01