get /api/v3/tickets/{ticketId}

TicketID 3554
TicketTitle VS: [#CSOC-zwillinggroup-A5639C3] Analysis and recommendation regarding Informational severity security incident 34368: 'FileZilla_BundleInstaller' unwanted software was prevented
TicketNumber 09072026_8560536956
TicketPriority Low
TicketImpact NoImpact
TicketStatus Resolved
TicketSource Email
TicketType Incident
EndUserID 180
EndUserEmail me@zwilling.dk
EndUserFirstName Mette
EndUserLastName Elsmark
EndUserPhone
TicketResolvedDate 2026-07-09T13:08:06Z
TicketCreatedDate 2026-07-03T11:10:40Z
TechnicianFirstCommentDate 2026-07-03T11:13:33Z
FirstComment p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0; font-size: 12pt; font-family: "Aptos", sans-serif } a:link, span.MsoHyperlink { color: rgba(0, 114, 198, 1); font-weight: bold } span.EmailStyle22 { font-family: "Aptos", sans-serif; color: rgba(0, 0, 0, 1) } .MsoChpDefault { font-size: 10pt } div.WordSection1 { } Med venlig hilsen Kristian Arndt Jørgensen Systemkonsulent Bødkervej 22, 4300 Holbæk T: +45 70 150 112 | M: +45 22 63 08 80      kaj@fair-it.dk | www.fair-it.dk Denne e-mail og alle filer, der sendes med den, er fortrolige og er udelukkende beregnet til brug af den person eller enhed, som de er adresseret til. Hvis du har modtaget denne e-mail ved en fejl, skal du videresende til den rigtige person, eller kontakte afsenderen. Fra: Schweda, Sebastian <Sebastian.Schweda@zwilling.com> Sendt: 2. juli 2026 13:28 Til: Kristian Arndt Jørgensen <kaj@fair-it.dk>; Elsmark, Mette <me@zwilling.dk> Emne: Fw: [#CSOC-zwillinggroup-A5639C3] Analysis and recommendation regarding Informational severity security incident 34368: 'FileZilla_BundleInstaller' unwanted software was prevented Hi Kristian,  was that you? BR Sebastian From: CSOC glueckkanja AG <csoc-alert@glueckkanja.com> Sent: Thursday, 2 July 2026 11:57 To: IT_Security@zwilling.com <IT_Security@zwilling.com> Cc: Schweda, Sebastian <Sebastian.Schweda@zwilling.com>; 3e749560.zwilling.com@emea.teams.ms <3e749560.zwilling.com@emea.teams.ms>; IT_Security_Global-SOC_Alert <it_security_soc_alerts@zwilling.com> Subject: [#CSOC-zwillinggroup-A5639C3] Analysis and recommendation regarding Informational severity security incident 34368: 'FileZilla_BundleInstaller' unwanted software was prevented     Please respond to this mail using: csoc-incidenthandler@glueckkanja.com   Analysis and recommendation 'FileZilla_BundleInstaller' unwanted software was prevented The user downloaded installed a bundled version of the FileZilla FTP server, which contains unwanted software. While some of the components were already quarantined, however, a service was already registered and is running. Please ensure to fully remove the software. Kind Regards Thorben Poeschus CSOC | glueckkanja AG csoc@glueckkanja.com https://glueckkanja.com   Incident 34368: Sentinel incident URL Related alerts 'FileZilla_BundleInstaller' unwanted software was prevented Severity Informational Start time (UTC) 07/02/2026 08:31:54 Alert Url Defender for Endpoint Description (MSFT) Potentially unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.   Affected entities Ip: 127.0.0.1 Ip: ::1 Ip: 127.0.0.1 Ip: ::1 Host: desktop-pskgfo4 Ip: 10.12.178.51 Ip: fe80::37c2:8374:2934:59a8 File: FileZilla_3.70.6_win64_sponsored2-setup.exe Url: [hxxp]s://download[.]filezilla-project[.]org/client/FileZilla_3[.]70[.]6_win64_sponsored2-setup[.]exe File: f_00001a     glueckkanja AG, Kaiserstrasse 39, 63065 Offenbach, Germany
LastEndUserComment p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0; font-size: 12pt; font-family: "Aptos", sans-serif } a:link, span.MsoHyperlink { color: rgba(0, 114, 198, 1); font-weight: bold } span.EmailStyle22 { font-family: "Aptos", sans-serif; color: rgba(0, 0, 0, 1) } .MsoChpDefault { font-size: 10pt } div.WordSection1 { } Med venlig hilsen Kristian Arndt Jørgensen Systemkonsulent Bødkervej 22, 4300 Holbæk T: +45 70 150 112 | M: +45 22 63 08 80      kaj@fair-it.dk | www.fair-it.dk Denne e-mail og alle filer, der sendes med den, er fortrolige og er udelukkende beregnet til brug af den person eller enhed, som de er adresseret til. Hvis du har modtaget denne e-mail ved en fejl, skal du videresende til den rigtige person, eller kontakte afsenderen. Fra: Schweda, Sebastian <Sebastian.Schweda@zwilling.com> Sendt: 2. juli 2026 13:28 Til: Kristian Arndt Jørgensen <kaj@fair-it.dk>; Elsmark, Mette <me@zwilling.dk> Emne: Fw: [#CSOC-zwillinggroup-A5639C3] Analysis and recommendation regarding Informational severity security incident 34368: 'FileZilla_BundleInstaller' unwanted software was prevented Hi Kristian,  was that you? BR Sebastian From: CSOC glueckkanja AG <csoc-alert@glueckkanja.com> Sent: Thursday, 2 July 2026 11:57 To: IT_Security@zwilling.com <IT_Security@zwilling.com> Cc: Schweda, Sebastian <Sebastian.Schweda@zwilling.com>; 3e749560.zwilling.com@emea.teams.ms <3e749560.zwilling.com@emea.teams.ms>; IT_Security_Global-SOC_Alert <it_security_soc_alerts@zwilling.com> Subject: [#CSOC-zwillinggroup-A5639C3] Analysis and recommendation regarding Informational severity security incident 34368: 'FileZilla_BundleInstaller' unwanted software was prevented     Please respond to this mail using: csoc-incidenthandler@glueckkanja.com   Analysis and recommendation 'FileZilla_BundleInstaller' unwanted software was prevented The user downloaded installed a bundled version of the FileZilla FTP server, which contains unwanted software. While some of the components were already quarantined, however, a service was already registered and is running. Please ensure to fully remove the software. Kind Regards Thorben Poeschus CSOC | glueckkanja AG csoc@glueckkanja.com https://glueckkanja.com   Incident 34368: Sentinel incident URL Related alerts 'FileZilla_BundleInstaller' unwanted software was prevented Severity Informational Start time (UTC) 07/02/2026 08:31:54 Alert Url Defender for Endpoint Description (MSFT) Potentially unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.   Affected entities Ip: 127.0.0.1 Ip: ::1 Ip: 127.0.0.1 Ip: ::1 Host: desktop-pskgfo4 Ip: 10.12.178.51 Ip: fe80::37c2:8374:2934:59a8 File: FileZilla_3.70.6_win64_sponsored2-setup.exe Url: [hxxp]s://download[.]filezilla-project[.]org/client/FileZilla_3[.]70[.]6_win64_sponsored2-setup[.]exe File: f_00001a     glueckkanja AG, Kaiserstrasse 39, 63065 Offenbach, Germany
LastEndUserCommentTimestamp 2026-07-03T11:10:40Z
OnSiteDurationSeconds 0
OnSiteDurationMinutes 0
OffSiteDurationSeconds 7200
OffSiteDurationMinutes 0
OnSLADurationMinutes 0
OffSLADurationMinutes 0
TotalDurationSeconds 7200
TotalDurationMinutes 0
CustomerID 19
CustomerName Zwilling J.A. Henckels Scandinavia A/S
CustomerBusinessNumber 58147818
TechnicianContactID 6
TechnicianFullName Kristian Arndt Jørgensen
TechnicianEmail kaj@fair-it.dk
RelationType None