
Threat Prevention Report

November 24, 2016 12:00 AM - November 24, 2016 11:59 PM


Generated by Check Point SmartEvent, on November 25, 2016 06:00 AM

10,000+ Hosts

5 Hosts

Scanned

Top Malware

with High and Critical Incidents

6 Malwares

By Number of Hosts

0 Hosts

Found by Anti-Bot

12 Malwares

Trojan-downloader.Win32.Locky....

0 Hosts

Found by Anti-Virus

Discovered an Advanced Threat

0 Malwares

1 Hosts

Malware.yrtmx

Detected Bot Activity

phishing.ddbc

2 Hosts
1 Hosts

Phishing.czhpnp

1 Hosts

Mail analysis

2 Hosts

2 Hosts

Found by Threat-Emulation

Downloaded a Malware

3 Hosts

Malware Remediation Procedures

Accessed a Site Known to Contain Malware

Incidents Trend

6 High and Critical Incidents


Out of 18 Incidents

18

Prevented

16
14

6.7KB

Detected

Total Sent

20.8KB

Total Received

Access to site known to contain malware


3

12

Malicious file/exploit download

10

Malicious network activity

Prevent

2
0
03:00, 21 Nov
Total

03:00, 22 Nov
Critical & High severity incidents

03:00, 23 Nov

03:00, 24
Nov


3
2
1

Detect (Policy can be modified to prevent more or all incident types)


Table of Contents

Host With High or Critical Severity Incidents

Top Hosts Involved in Malicious Activity

Top Malware

Top Activities and their Top Hosts

Top Protection Types and their Top Malware

Malware Activity

Top Destination Countries


Host With High or Critical Severity Incidents


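| Type | Host | Severity | Protection Name | Num. of Incidents | Sent Traffic |
|---|---|---|---|---|---|
| Downloaded a Malware | 192.168.96.222 | | Trojan-downloader.Win32.Locky.bca | | 0B |
| Downloaded a Malware | 192.168.7.25 | | Trojan-downloader.Win32.Locky.bca | | 833B |
| Total (2) | | | | | 833B |
| Accessed a Site Known to Contain Malware | 192.168.28.67 | | Malware.yrtmx | | 638B |
| Accessed a Site Known to Contain Malware | 192.168.15.9 | | phishing.ddbc | | 2.3KB |
| Accessed a Site Known to Contain Malware | 192.168.85.12 | | Phishing.czhpnp | | 0B |
| Total (3) | | | | | 3KB |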


Top Hosts Involved in Malicious Activity


By Number of Incidents

[Bar chart: hosts by number of incidents]

| Machine Name | Num. of Incidents | Prevented / Detected | Sent Traffic | Received Traffic |
|---|---|---|---|---|
| KWFT_SMTP_Relay_svr | | | 0B | 0B |
| 192.168.15.9 | | | 5.2KB | 18.7KB |
| 192.168.16.190 | | | 183B | 408.1KB |
| 192.168.59.80 | | | 183B | 409.6KB |
| 192.168.24.8 | | | 0B | 0B |
| 192.168.28.67 | | | 638B | 520B |
| 192.168.16.57 | | | 175B | 233B |
| 192.168.96.222 | | | 0B | 0B |
| 192.168.7.25 | | | 833B | 1.6KB |
| Total (9) | 15 | 13 | 7.2KB | 838.7KB |

By Sent Traffic (Bytes)

[Bar chart: hosts by sent traffic, axis 0B to 5.5KB]

| Machine Name | Sent Traffic | Received Traffic | Num. of Incidents | Prevented / Detected |
|---|---|---|---|---|
| 192.168.15.9 | 5.2KB | 18.7KB | | |
| 192.168.7.25 | 833B | 1.6KB | | |
| 192.168.28.67 | 638B | 520B | | |
| 192.168.16.190 | 183B | 408.1KB | | |
| 192.168.59.80 | 183B | 409.6KB | | |
| 192.168.16.57 | 175B | 233B | | |
| 192.168.24.8 | 0B | 0B | | |
| KWFT_SMTP_Relay_svr | 0B | 0B | | |
| 192.168.96.222 | 0B | 0B | | |
| Total (9) | 7.2KB | 838.7KB | 15 | 13 |

Policy can be modified to prevent more or all incident types


Top Malware

By Number of Incidents

By Sent Traffic (Bytes)

Mail analysis

phishing.ddbc

phishing.ddbc

Trojandownloader.Win32.L...

Malicious
Binary.crnbdmg

Malware.yrtmx

Trojandownloader.Win32.L...

Malicious
Binary.crnbdmg

Malware.yrtmx

phishing.ddau

phishing.ddau

Mail analysis
0

Malware Name

Num. of Incidents

Num. of Hosts

Comment

Mail analysis

Post Infection

phishing.ddbc

Malicious Binary.crnbdmg

Trojan-downloader.Win32.L...

Malware.yrtmx

phishing.ddau

Total (6)

15

0B

1.6KB

2.3KB

3.1KB

3.9KB

4.7KB

Sent
Traffic

Num. of
Incidents

Num. of
Hosts

phishing.ddbc
Trojandownloader.Win32.L...
Malware.yrtmx
Malicious
Binary.crnbdmg
phishing.ddau

5.2KB

833B

638B

366B

175B

Mail analysis

0B

Total (6)

7.2KB

15

Malware Name


800B

5.5KB

Comment

Post
Infection


Top Activities and their Top Hosts


Malware Activity
Spam

Access to site known to


contain malware

Malicious file/exploit
download

Malicious network
activity
DNS query for a site
known to contain
malware

Machine Name

Num. of
Incidents

Sent
Traffic

Prevented

Detected

KWFT_SMTP_Relay_svr

0B

192.168.24.8

0B

Total (2)

0B

192.168.15.9

5.2KB

192.168.17.183

0B

Total (2)

5.2KB

192.168.96.222

0B

192.168.59.80

183B

192.168.16.190

183B

192.168.7.25

833B

Total (4)

1.2KB

192.168.28.67

638B

192.168.85.12

0B

Total (2)

638B

192.168.16.57

175B

DNS query for a site known to


contain malware (6%)
Malicious network
activity (11%)
Spam (33%)

Malicious
file/exploit
download
(22%)

Access to site known to contain


malware (28%)

Policy can be modified to prevent more or all incident types


Top Protection Types and their Top Malware


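| Protection Type | Malware Name | Num. of Incidents | Num. of Hosts | Sent Traffic | Prevented / Detected |
|---|---|---|---|---|---|
| Suspicious Mail | Mail analysis | | | 0B | |
| URL Reputation | Malware.yrtmx | | | 638B | |
| URL Reputation | Phishing.czhpnp | | | 0B | |
| URL Reputation | REP.huvcru | | | 0B | |
| URL Reputation | REP.hzowdh | | | 0B | |
| URL Reputation | phishing.ddbc | | | 2.3KB | |
| URL Reputation | Total (5) | | | 3KB | |
| Signature | Malicious Binary.crnbdmg | | | 366B | |
| Signature | Trojandownloader.Win32.L... | | | 833B | |
| Signature | Total (2) | | | 1.2KB | |
| DNS Trap | phishing.ddbc | | | 2.9KB | |
| DNS Reputation | phishing.ddau | | | 175B | |

[Pie chart: Suspicious Mail (33%), URL Reputation (28%), Signature (22%), DNS Trap (11%), DNS Reputation (6%)]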

Policy can be modified to prevent more or all incident types


Malware Activity
| Activity Date | Num. of Incidents | Num. of Hosts | Sent Traffic | Received Traffic |
|---|---|---|---|---|
| Nov 24 2016 01:00 | | | 0B | 0B |
| Nov 24 2016 06:00 | | | 175B | 233B |
| Nov 24 2016 07:00 | | | 821B | 410.1KB |
| Nov 24 2016 09:00 | | | 5.2KB | 18.7KB |
| Nov 24 2016 10:00 | | | 0B | 0B |
| Nov 24 2016 11:00 | | | 0B | 0B |
| Nov 24 2016 12:00 | | | 0B | 0B |
| Nov 24 2016 13:00 | | | 0B | 0B |
| Nov 24 2016 16:00 | | | 1016B | 409.6KB |

[Charts: Num. of Incidents and Num. of Hosts over time; Sent Traffic and Received Traffic over time (Thu 01:00 to Thu 16:00)]


Top Destination Countries


Destination
Country
United
States
United
Kingdom
Singapore

Num. of
Incidents

Num.
of
Hosts

Sent
Traffic

Received
Traffic

19

0B

0B

366B

817.7KB

638B

520B
