Multiple archived files uploaded to Slack in a short period
Description
AlphaSOC detected multiple archived files uploaded to Slack within a short timeframe. Adversaries frequently use archive files to conceal malicious content, evade security scanning, and exploit file parsing vulnerabilities. Archive formats can hide malware through techniques such as nested compression, encryption, and specially crafted file headers.
Impact
Archive files can evade antivirus detection and content filtering when uploaded to collaboration platforms. Once delivered, these archives may contain ransomware, trojans, or other malware capable of compromising systems upon extraction. The use of legitimate platforms such as Slack helps threat actors evade network security controls.
Severity
| Severity | Condition |
|---|---|
| Informational | Multiple archived files uploaded to Slack within a short timeframe |
Investigation and Remediation
Quarantine the suspicious archives and examine them in an isolated analysis environment. Use malware analysis tooling capable of handling archive-based threats, including the nested and encrypted archives noted above. Review Slack logs to identify the uploading account and any users who accessed or downloaded the files. If malicious content is confirmed, remove the files, disable compromised accounts, and scan every system that accessed the archives.
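As an added illustration of the detection logic described above and of the log review step in the remediation guidance (not AlphaSOC's own code), the following Python script runs a sliding-window count of archive uploads per user over constructed sample events. The event shape, archive extension list, threshold and window length are assumptions; map the fields of your own Slack log export onto them.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions treated as archives (assumption; extend to match local policy).
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".tar", ".gz", ".tgz", ".bz2", ".xz", ".cab", ".iso"}

# Constructed sample events in a simplified shape (user, ISO timestamp, filename).
# This is NOT Slack's real log schema; map your export's fields onto it.
SAMPLE_EVENTS = [
    {"user": "U_ALICE", "ts": "2024-05-01T09:00:00", "name": "report.pdf"},
    {"user": "U_BOB",   "ts": "2024-05-01T09:01:00", "name": "build.zip"},
    {"user": "U_BOB",   "ts": "2024-05-01T09:03:30", "name": "assets.tar.gz"},
    {"user": "U_BOB",   "ts": "2024-05-01T09:04:10", "name": "tools.7z"},
    {"user": "U_ALICE", "ts": "2024-05-01T09:30:00", "name": "photos.zip"},
    {"user": "U_ALICE", "ts": "2024-05-01T11:00:00", "name": "logs.rar"},
]

def is_archive(name: str) -> bool:
    """Match on the final extension so 'assets.tar.gz' and 'x.ZIP' both count."""
    lower = name.lower()
    return any(lower.endswith(ext) for ext in ARCHIVE_EXTS)

def find_archive_bursts(events, threshold=3, window_minutes=10):
    """Return {user: [filenames]} for each user who uploaded at least `threshold`
    archives inside any sliding window of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    per_user = defaultdict(list)
    for ev in events:
        if is_archive(ev["name"]):
            per_user[ev["user"]].append((datetime.fromisoformat(ev["ts"]), ev["name"]))
    hits = {}
    for user, uploads in per_user.items():
        uploads.sort()          # oldest first so the window slides forward in time
        recent = deque()
        for ts, name in uploads:
            recent.append((ts, name))
            while ts - recent[0][0] > window:   # evict uploads older than the window
                recent.popleft()
            if len(recent) >= threshold:
                hits[user] = [n for _, n in recent]
                break           # first burst is enough to flag this user
    return hits

if __name__ == "__main__":
    for user, files in find_archive_bursts(SAMPLE_EVENTS).items():
        print(f"{user}: {len(files)} archives in one {10}-minute window -> {files}")
```

Feed the flagged user and filenames into the log review step to find who else downloaded the files.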