Hosts (count):
DH-W11X6423H2E1: 930
DH-W11X6421H2E2: 73
DH-W10X6422H2E4: 16
DH-Ubuntu22x64-E5: 7
...
Operating systems: Windows, Linux
Users (count):
dh-w11x6423h2e1\testadmin: 35289
dh-w11x6421h2e2\testadmin: 1528
dh-w10x6422h2e4\testadmin: 396
Report
05 Jul 2024, 20:25: Monthly added

Hunt
23 Jul 2024, 09:04
Recent credential source, Malware Logs, listed user passwords that were stolen within the last 30 days. AMR has investigated detections to ensure that spyware does not exist on MDR-monitored devices. Furthermore, CIFC recommends that the customer contact the users that were affected in case they are using personal devices to access customer networks and push a password change immediately, and also use available anti-virus tools to remove existing malware.
23 Jul 2024, 08:57
Recent reporting has confirmed malicious activity directed at users of the PaperCut print utility application. Actors are using the recently patched vulnerabilities CVE-2023-27350 and CVE-2023-27351 to take advantage of certain versions of unpatched software. CIFC has gathered IOCs associated with threat actor activity for hunting to ensure MDR-monitored assets are secure.
23 Jul 2024, 08:29
Recent credential sources, Malware Logs, listed user passwords that were stolen within the last 30 days. AMR has investigated detections to ensure that spyware does not exist on MDR-monitored devices. Furthermore, CIFC recommends that the customer contact the users that were affected in case they are using personal devices to access customer networks and push a password change immediately, and also use available anti-virus tools to remove existing malware.
23 Jul 2024, 05:45
A hunt was conducted to validate the baseline, review newly identified trends, and investigate any new anomalies.
22 Jul 2024, 23:37
Recommendation
All Clear
23 Jul 2024, 17:53
Expected Activity
No recommendations
23 Jul 2024, 17:24
23 Jul 2024, 16:41
MDR Analyst detected an alert triggered by "splunk-MonitorNoHandle.exe" on host "BBIBART-L". The activity, which was flagged by the agent due to network configuration changes, was verified by the user BBIBART (Bibart Bogdan, Service Desk Engineer). Nothing suspicious observed.
23 Jul 2024, 16:36
Security Risk
MDR was alerted to suspicious activity involving the user "msofineti@bitdefender.biz". Analysts thoroughly reviewed this activity and found it to be benign in nature. A review of surrounding activity was conducted and found to be free of malicious activity. At this time no further action is necessary.
23 Jul 2024, 15:20
Risk-Based
Analysts have conducted an intelligence-driven hunt of your production environment logs over the past 30 days and found no indication of the suspected user account "draghici@bitdefender.com" accessing any production endpoints as of this writing. However, the RCA_Insight logs reported the Chrome browsing activities of user "draghici" to the "ffsng.com" URI domain on host "draghici-L". Consequently, the user "Mihai Draghici" was contacted via Slack to validate the reported URI requests to the "ffsng.com" domain, and he confirmed said activities as false positives.
An intelligence hunt has been conducted throughout your environment in search of indicators of compromise related to an exploitable print management software known as PaperCut. There are no instances of these indicators present in your environment at this time.
MDR analysts have conducted a hunt for both accounts and have seen logon activity from both. An internal email was sent to an IT administrator to manually reset their credentials, and the user was cc'd on the sent email.
Targeted
The MDR Team has completed a periodic hunt of your environment.
The investigations that were triggered by GravityZone EDR and XDR Alerts were reviewed and no further malicious activity within the environment was detected.
MDR analysts conducted a periodic hunt of your environment, reviewing execution and persistence mechanisms and network activity, and have not found indication of any unmitigated malicious activity.
Malware (detections by name, count):
URL.Phishing: 2627
AIT.Heur.Memori.1.2B5DE009.Gen: 1924
XLM.Formulas.Abracadabra.8.Gen: 1574
Trojan.Ransom.GandCrab.Gen.2: 951
Exploit.PentestingTool.HTTP.3: 837
Other: 392

Potentially unwanted application (detections by name, count):
Application.Bundler.CYB: 38
Adware.DealPly.B: 35
Application.Hacktool.Aluigi.EI: 34
Detection category chart (residue): categories Exploit and Ransomware shown with counts 400, 208, 169, 131 and 118; the label-to-count mapping is not recoverable from the page.