Threat Prevention Apr 23 2020 9-29-50 AM
THREAT PREVENTION Report
Mar 24, 2020 12:00 AM - Apr 23, 2020 9:29 AM
General Activity 2
Protection Type (Severity, Logs):
DNS Reputation - High - 19.6K
DNS Trap - Critical - 4.6K
Signature - Critical - 76
URL Reputation - Critical - 23
Suspicious Mail - Medium - 17

Malware Action (Logs):
DNS query for a C&C site - 10.7K
DNS server resolving a C&C site for a client behind it - 7.8K
Communication with C&C site - 3.2K
Access to site known to contain malware - 1.4K
DNS query for a site known to contain malware - 857
DNS server resolving a site known to contain malware for a client behind it - 221
Spam - 17
Malicious network activity - 9

[Bar chart: logs by Blade (Anti-Bot, Anti-Virus); y-axis 0 to 20K in 2K steps]
[Line chart "Malware Activity": logs over time; x-axis Tue 24, Tue 31, Tue 7, Tue 14, Tue 21; y-axis 0, 500, 1K]
Hosts 3
Host_172.31.1.140 (172.31.1.140)
172.31.25.41
172.31.41.4
PROXY_CSE2 (172.31.1.100)
192.168.6.117
172.31.104.21
172.31.33.77
192.168.6.162
172.31.104.20
android-8ddb640eb1391426.cse.gob.ni (192.168.70.100)
Source: 172.31.33.77 | Severity: Critical | Blade: Anti-Bot, Anti-Virus
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.eabbaaabb, Andromeda.TC.iabbaaabb, CnC Server.RS.TC.ferz, CnC Server.RS.TC.fewp, CnC Server.RS.TC.ffac (122 more Protections)
Action: Detect, Prevent

Source: 192.168.6.117 | Severity: Critical | Blade: Anti-Bot, Anti-Virus
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.eabbaaabb, Andromeda.TC.iabbaaabb, Conficker_A.TC.akskd, Conficker_A.TC.akslr, Conficker_A.TC.aksmd (1037 more Protections)
Action: Detect, Prevent
Malwares 4
[Bar chart of malware actions, including "DNS server resolving a site known to contain malware for a client behind it" and "Spam"; x-axis 0 to 6K in 1K steps]
Severe Incidents 5
Blade: Anti-Bot

Source: 192.168.6.117 | Severity: Critical
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, Conficker_A.TC.akskd, Conficker_A.TC.akslr, Conficker_A.TC.aksmd, Conficker_A.TC.aksmi (1034 more Protections)
Malware Action: Communication with C&C site, DNS query for a C&C site
Logs: 1.4K

Source: 172.31.33.77 | Severity: Critical
Protection Type: DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, CnC Server.RS.TC.ferz, CnC Server.RS.TC.fewp, CnC Server.RS.TC.ffac, CnC Server.RS.TC.fgea (96 more Protections)
Malware Action: Communication with C&C site
Logs: 489

Source: 172.31.104.21 | Severity: Critical
Protection Type: DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, CnC Server.RS.TC.ferz, CnC Server.RS.TC.fewp, CnC Server.RS.TC.ffac, CnC Server.RS.TC.fgea (102 more Protections)
Malware Action: Communication with C&C site
Logs: 457

Source: 172.31.104.20 | Severity: Critical
Protection Type: DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, CnC Server.RS.TC.ferz, CnC Server.RS.TC.fewp, CnC Server.RS.TC.ffac, CnC Server.RS.TC.fgex (63 more Protections)
Malware Action: Communication with C&C site
Logs: 373

Source: 172.31.32.38 | Severity: Critical
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, Conficker_B.TC.ajvzu, Generic.TC.dtjfpv, Generic.TC.hcpmin, Generic.TC.hcvfeo (4 more Protections)
Malware Action: Communication with C&C site, DNS query for a C&C site
Logs: 244
Severe Incidents 6
Blade | Source | Severity | Protection Type | Protection Name | Malware Action | Logs
Blade: Anti-Bot

Source: 192.168.6.162 | Severity: Critical
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, Conficker_A.TC.amerg, Conficker_A.TC.ameti, Conficker_A.TC.ameui, Conficker_A.TC.ameur (112 more Protections)
Malware Action: Communication with C&C site, DNS query for a C&C site
Logs: 117

Source: android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | Severity: Critical
Protection Type: DNS Reputation, DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, Generic.TC.fmsilk, Generic.TC.gjgxnh, Generic.TC.hcpmin, Generic.TC.hcvecx (7 more Protections)
Malware Action: Communication with C&C site, DNS query for a C&C site
Logs: 110

Source: proofpoint_192.168.17.12 (192.168.17.12) | Severity: Critical
Protection Type: DNS Reputation, DNS Trap
Protection Name: Generic.TC.dtjfpv, Generic.TC.ghvwib, Generic.TC.hckpzq, Generic.TC.hcpmin, Generic.TC.hcvecx (3 more Protections)
Malware Action: Communication with C&C site, DNS query for a C&C site
Logs: 110

Source: 172.31.136.20 | Severity: Critical
Protection Type: DNS Trap
Protection Name: Andromeda.TC.iabbaaabb, Conficker_A.TC.akwtu, Conficker_B.TC.ajjab, Conficker_B.TC.ajpef, Conficker_B.TC.ajwbb (13 more Protections)
Malware Action: Communication with C&C site
Logs: 53

Total: 4 | 6 Sources | Critical | 4 Protection Types | 6.7K Protections | 4 Actions | 19.7K

Blade: Anti-Virus

Source: android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | Severity: Critical
Protection Type: DNS Reputation, DNS Trap, Signature, URL Reputation
Protection Name: Adware.TC.gbbgfaeji, Generic.TC.havmlf, Infecting URL.RS.TC.eihw, Infecting URL.RS.TC.hnbc, Trojan.Win32.Generic.W.cqtbn (4 more Protections)
Malware Action: Access to site known to contain…, DNS query for a site known to c…, Malicious file/exploit download
Logs: 36
Severe Incidents 7
Severe Incidents 8
Blade: Anti-Virus
Total: 36 Sources | Critical | 4 Protection Types | 36 Protections | 4 Actions | 672
Malicious Activity 9
Source: MCHOW-PC (172.31.4.50) | Severity: Critical | Action: Detect, Prevent | Logs: 4
Source: PCComputer.cse.gob.ni_54 (192.168.70.51) | Severity: Critical | Action: Detect | Logs: 2
Source: host_172.31.4.229 (172.31.4.229) | Severity: Critical | Action: Detect | Logs: 2
Total: 13 Sources | Critical | 2 Actions | 28
Malicious Activity 10
Source: VIP_Zimbra_MailServer (192.168.17.13) | Severity: High | Action: Detect, Prevent | Logs: 250

Malware Action: DNS query for a site known to contain malware
Source: 172.31.33.77 | Severity: High | Action: Detect | Logs: 150
Source: VIP_Zimbra_MailServer (192.168.17.13) | Severity: High | Action: Detect, Prevent | Logs: 117
Source: android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | Severity: High | Action: Detect | Logs: 70
Malicious Activity 11
Malware Action: Spam
Source: proofpoint_192.168.17.12 (192.168.17.12) | Severity: Medium | Action: Prevent | Logs: 11
Source: 192.168.70.140 | Severity: Medium | Action: Prevent | Logs: 6
Countries 12
Map 13