Threat Prevention Report

November 24, 2016 12:00 AM - November 24, 2016 11:59 PM
Generated by Check Point SmartEvent®, on November 25, 2016 06:00 AM

10,000+ Hosts

5 Hosts

Scanned

Top Malware

with High and Critical Incidents

6 Malwares

By Number of Hosts

0 Hosts

Found by Anti-Bot

12 Malwares

Trojan-downloader.Win32.Locky....

0 Hosts

Found by Anti-Virus

Discovered an Advanced Threat

0 Malwares

1 Hosts

Malware.yrtmx

Detected Bot Activity

phishing.ddbc

2 Hosts
1 Hosts

Phishing.czhpnp

1 Hosts

Mail analysis

2 Hosts

2 Hosts

Found by Threat-Emulation

Downloaded a Malware

3 Hosts

Malware Remediation Procedures

Accessed a Site Known to Contain Malware

Incidents Trend

6 High and Critical Incidents
Out of 18 Incidents

18

2

4

Prevented

16
14

6.7KB

Detected

Total Sent

20.8KB

Total Received

Access to site known to contain malware
3

12

Malicious file/exploit download

10

2

8

Malicious network activity

6

1

4

Prevent

2
0
03:00, 21 Nov
Total

03:00, 22 Nov
Critical & High severity incidents

03:00, 23 Nov

03:00, 24
Nov

1/9

3
2
1

Detect (Policy can be modified to prevent more or all incident types)

1

2016 12:00 AM . 2016 11:59 PM Table of Contents 2 Host With High or Critical Severity Incidents 3 Top Hosts Involved in Malicious Activity 4 Top Malware 5 Top Activities and their Top Hosts 6 Top Protection Types and their Top Malware 7 Malware Activity 8 Top Destination Countries 9 2/9 .November 24.Threat Prevention Report November 24.

Win32.222 Trojan-downloader.Win32.25 Trojan-downloader.czhpnp 1 0B 3 3KB Total (3) 3/9 . 2016 11:59 PM Host With High or Critical Severity Incidents Type Host Downloaded a Malware Severity Protection Name Num. 2016 12:00 AM .3KB 192.28.Threat Prevention Report November 24.November 24.bca 1 833B Total (2) Accessed a Site Known to Contain Malware 3 2 833B 192.168.yrtmx 1 638B 192.168. of Incidents Sent Traffic 192.168.168.Locky.67 Malware.85.12 Phishing.bca 1 0B 192.7.96.ddbc 1 2.168.Locky.15.9 phishing.

80 192.222 0B 0B 1 1 0 Total (9) 15 2 13 7.16.7.2KB 18.190 192.67 192.25 192.168.9 192.168.16.96.168. of Incidents Prevented Detected Sent Traffic Received Traffic Machine Name Sent Traffic Received Traffic Num.7KB 15 2 13 Policy can be modified to prevent more or all incident types 4/9 .168.28.16.222 0 1 2 3 4 4 5 6 0B 800B 1.168.24. 2016 11:59 PM Top Hosts Involved in Malicious Activity By Number of Incidents By Sent Traffic (Bytes) KWFT_SMTP_Relay_svr 192.190 1 0 1 183B 408.168.168.25 833B 1.168.67 192.168.24.57 192.15.168.2KB 838.16.168.168.80 192.168.190 192.168.57 192.96.168.6KB 1 1 0 192.59.67 1 0 1 638B 520B 192.7KB 5.24.3KB 3.7KB 192.7KB Total (9) 7.168.168.28.168.168.16.5KB Machine Name Num. of Incidents Prevented Detected KWFT_SMTP_Relay_svr 5 0 5 0B 0B 192.168.222 KWFT_SMTP_Relay_svr 192.190 183B 408.168.2KB 18.168.8 192.Threat Prevention Report November 24.15.96.57 1 0 1 175B 233B 192.8 192.1KB 192.168.2KB 838.168.7.59.168.168.9 5.24.9 3 0 3 5.168.67 638B 520B 1 0 1 192. 2016 12:00 AM .7KB 3 0 3 192.168.168.6KB 192.28.November 24.7.59.1KB 3.25 192.25 1 1 0 833B 1.8 1 0 1 0B 0B 192.16.1KB 1 0 1 192.15.9KB 4.80 1 0 1 183B 409.6KB 1 0 1 192.16.96.57 175B 233B 1 0 1 192.6KB 192.80 183B 409.6KB 2.168.7.16.28.168.168.15.9 192.59.8 0B 0B 1 0 1 192.222 1 1 0 0B 0B KWFT_SMTP_Relay_svr 0B 0B 5 0 5 192.

ddau 5.ddau 1 1 Total (6) 15 9 0B 1. of Incidents Num.L.1KB 3.yrtmx Malicious Binary.yrtmx Trojandownloader.ddbc phishing..November 24.crnbdmg Malware.Win32.ddbc Trojandownloader.ddbc 3 1 Malicious Binary. Malicious Binary..ddbc Trojandownloader.5KB Comment Post Infection .L.Win32.L.yrtmx phishing.ddau phishing.2KB 3 1 833B 2 2 638B 1 1 366B 2 2 175B 1 1 Mail analysis 0B 6 2 Total (6) 7... 2016 12:00 AM . 2 2 Malware. of Hosts Comment Mail analysis 6 2 Post Infection phishing. 2016 11:59 PM Top Malware 5 By Number of Incidents By Sent Traffic (Bytes) Mail analysis phishing..7KB Sent Traffic Num.3KB 3..9KB 4. Malware.crnbdmg 2 2 Trojan-downloader. of Incidents Num.ddau Mail analysis 0 1 2 3 4 5 6 7 Malware Name Num..crnbdmg phishing.2KB 15 9 Malware Name 5/9 800B 5..yrtmx 1 1 phishing.L. of Hosts phishing.Win32. Malicious Binary.6KB 2.Threat Prevention Report November 24.Win32.crnbdmg Malware.

168.2KB 0 3 192.7.168.168.168.28.57 1 175B 0 1 6 DNS query for a site known to contain malware (6%) Malicious network activity (11%) Spam (33%) Malicious file/exploit download (22%) Access to site known to contain malware (28%) Policy can be modified to prevent more or all incident types 6/9 .2KB 0 3 192.59.168.183 2 0B 0 0 Total (2) 5 5.190 1 183B 0 1 192.15.24.Threat Prevention Report November 24.12 1 0B 0 0 Total (2) 2 638B 0 1 192.November 24.17.96.168.168.85.168. 2016 12:00 AM .25 1 833B 1 0 Total (4) 4 1.168.67 1 638B 0 1 192.8 1 0B 0 1 Total (2) 6 0B 0 6 192.9 3 5. 2016 11:59 PM Top Activities and their Top Hosts Malware Activity Spam Access to site known to contain malware Malicious file/exploit download Malicious network activity DNS query for a site known to contain malware Machine Name Num.16.80 1 183B 0 1 192.222 1 0B 1 0 192.168.16.2KB 2 2 192. of Incidents Sent Traffic Prevented Detected KWFT_SMTP_Relay_svr 5 0B 0 5 192.

czhpnp 1 1 0B 0 0 REP..crnbdmg Trojandownloader. 2016 12:00 AM ..Threat Prevention Report November 24.ddau 1 1 175B 0 1 7 DNS Reputation (6%) DNS Trap (11%) Suspicious Mail (33%) Signature (22%) URL Reputation (28%) Policy can be modified to prevent more or all incident types 7/9 . Total (2) 5 5 3KB 0 2 2 2 366B 0 2 2 2 833B 2 0 4 4 1.Win32.2KB 2 2 phishing.9KB 0 2 phishing.ddbc 1 1 2.hzowdh 1 1 0B 0 0 phishing. of Hosts Sent Traffic Prevented Detected Mail analysis 6 2 0B 0 6 Malware.yrtmx 1 1 638B 0 1 Phishing.L.November 24.huvcru 1 1 0B 0 0 REP. 2016 11:59 PM Top Protection Types and their Top Malware Protection Type Suspicious Mail URL Reputation Signature DNS Trap DNS Reputation Malware Name Num. of Incidents Num.ddbc 2 1 2.3KB 0 1 Total (5) Malicious Binary.

of Incidents Num.6KB 8 5 4 Num.Threat Prevention Report November 24. 2016 12:00 AM .4KB 0B Thu 01:00Thu 03:30Thu 06:00Thu 08:30Thu 11:00Thu 13:30Thu 16:00 8/9 0B .2KB 18. of Hosts Sent Traffic Received Traffic 1 1 0B 0B 1 1 175B 233B 4 3 821B 410.3KB 415. of Hosts 4 3 3 2 1 1 0 Thu 01:00 Thu 03:30 Thu 06:00 Thu 08:30 Thu 11:00 Thu 13:30 Thu 16:00 7KB 0 553.2KB 3. of Incidents Num.8KB 138. 2016 11:59 PM Malware Activity Activity Date Nov 24 2016 01:00 Nov 24 2016 06:00 Nov 24 2016 07:00 Nov 24 2016 09:00 Nov 24 2016 10:00 Nov 24 2016 11:00 Nov 24 2016 12:00 Nov 24 2016 13:00 Nov 24 2016 16:00 Num.November 24.7KB Sent Traffic Received Traffic 5.5KB 276.1KB 4 2 5.8KB 1.7KB 3 2 0B 0B 1 1 0B 0B 1 1 0B 0B 1 1 0B 0B 2 2 1016B 409.

November 24.Threat Prevention Report November 24. 2016 11:59 PM Top Destination Countries Destination Country United States United Kingdom Singapore Num. of Hosts Sent Traffic Received Traffic 19 4 0B 0B 4 3 366B 817. 2016 12:00 AM . of Incidents Num.7KB 1 1 638B 520B 9/9 9 .