Malware Activity Detected

DetectionTimeUTC

Date and time when malware activity has been detected.

DetectionTimeUTC="03/20/2025 13:05:41"

OibID

Machine ID.

OibID="0e54d3bf-add8-48eb-9122-fad3ac1e8fb3"

ActivityType

Malware activity type. Possible values:

• DeletedUsefulFiles — Deleted files
• SuspiciousFilesInDelta — Indicators of compromise
• RansomwareNotes — Ransom notes and onion links
• RansomwareExtensions — Known suspicious files and extensions
• EncryptedData — Encrypted files
• YaraScan — Malware activity specified in the YARA rule
• AntivirusScan — Malware activity specified in the antivirus configuration file
• RenamedFiles — Renamed files
• Unknown — Malware activity detected by a third-party solution

ActivityType="EncryptedData"

UserName

Name of the user who performed an operation.

UserName="TECH\user1"

UserFullInfo

Detailed information about the user who performed an operation. Includes the following data:

• fullName — the user name
• loginType

UserFullInfo="<ModifiedUserInfo fullName="TECH\user1" loginType="0" />"

ObjectName

Object name.

ObjectName="VM01"

CreationTimeUTC

Date and time when a malware detection event has been created.

CreationTimeUTC="03/20/2025 13:10:02"

VbrHostName

Backup server name. Can be a DNS name, an FQDN or an IP address.

VbrHostName="vbrsrv01.tech.local"

VbrVersion

Veeam Backup & Replication version.

VbrVersion="13.0.1.180"

Version

Event version (service parameter).

Version="1"

Description

Event message details.

Description="Potential malware activity detected for OIB: 0e54d3bf-add8-48eb-9122-fad3ac1e8fb3 (VM01), rule: Encrypted data by user: TECH\user1."