Threat Assessment Last Week 2022-06-21T02 03 00Z

The document provides a threat assessment report for a realm called security-vng-realm over a week-long period. It details various metrics including detected malware, compromised hosts, risky files and their categories/locations, risky domains/URLs, and email threats. One host and several risky executable files were identified as critical threats requiring further investigation.

Uploaded by Dung Nguyen Hoai

Threat Assessment

Realm security-vng-realm
Top threats for last week

Report Range: 13 Jun 2022 00:00:00 GMT – 19 Jun 2022 23:59:59 GMT

Report Generated: 21 Jun 2022 02:03:00 GMT

Copyright © 2015-2019, Juniper Networks, Inc.


Threat Assessment for security-vng-realm
13 Jun 2022 00:00:00 GMT – 19 Jun 2022 23:59:59 GMT

Table of Contents

Executive Summary 1

Malware Assessment 2

Host Assessment 4

Risky Files Assessment 5

Risky Domains, URLs, and IPs Assessment 8

Email Assessment 10

Devices Assessment 16

EXECUTIVE SUMMARY

These are the total risky threat counts by category as assessed by ATP Cloud. It is important to investigate risky threats and take remediation action if needed to further secure your network.

Malware: 2 (Newly Discovered: 0, Known: 2)

C&C Server Destinations: No Threats Detected

Hosts with Malicious Activities: 1 (Hosts with Malicious Activities: 0, Blocked Hosts: 1)

Domains and URLs: 1 (Suspicious: 0, Known Risky: 1)

High-risk User Data:
  Users' Computers Infected with Malware: 13
  High-risk Web Sites Accessed by Users: 0

MALWARE

Top Malware Identified

These are the names of the top malware by count.

[Bar chart: Eicar:testfile; x-axis: Count]

Top Infected File MIME Types

These are the top infected Multipurpose Internet Mail Extensions (MIME) types by count.

[Bar chart: Application/eicar; x-axis: Infected Files]

Top Scanned File Categories

These are the top file categories scanned; the count includes both benign and malicious files.

[Bar chart: Executable, Archive, Unknown; x-axis: Scanned Categories]

C&C SERVER AND MALWARE LOCATIONS

Top C&C Server Location by Count


These are the top countries for command and control servers by number of communication attempts.

Country    C&C Hits

No Threats Detected

Top Malware Threat Locations by Count


These are the top countries for malware threats.

Country Threats

United States 15

HOSTS

Top Compromised Hosts


These are the top hosts that may have been compromised, based on their associated threat level. It is important to investigate the hosts to determine if they should be quarantined, allowed, or blocked to secure the network.

Host           Threat Level   Status    Blocked Date
192.168.1.100  Critical       Blocked   14 Jun 2022 02:01:27 GMT

RISKY FILES

Top Risky File Categories by Count

These are the top risky file categories by count for known and newly discovered malicious files.

[Bar chart: executable (Known / Newly Discovered); x-axis: Count]

Top Risky Files Detected by Count

These are the top risky files detected by count. It is important to investigate the files and decide if they need to be blocked in order to secure your network.

Threat Level  MD5 File Hash                     Category    Count  First Downloaded
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  13     14 Jun 2022 04:55:15 GMT
Critical      9b113c9e2851a07b0fdff34eb943aa4d  Executable  2      14 Jun 2022 02:02:32 GMT


Top IPs Detected Attempting to Access Risky Files by Count

These are the top IPs attempting to access risky files. These files have been identified as risky and should be investigated to determine if they should be blocked to secure the network.

[Bar chart: 192.168.1.100 (Known / Newly Discovered); x-axis: Count]

Top Risky Files Detected by IPs

These are the top risky files detected per top IP attempting to access the files. It is important to investigate these IPs' activity and block or quarantine them from the network. Also, investigate blocking any subsequent downloads of the risky files.

Threat Level  MD5 File Hash                     Category    Date Downloaded

192.168.1.100

Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 04:55:15 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 03:20:59 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 02:42:28 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 02:21:22 GMT
Critical      9b113c9e2851a07b0fdff34eb943aa4d  Executable  14 Jun 2022 02:02:32 GMT
Critical      9b113c9e2851a07b0fdff34eb943aa4d  Executable  14 Jun 2022 02:01:27 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 01:55:32 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  14 Jun 2022 01:52:48 GMT
Critical      44d88612fea8a8f36de82e1278abb02f  Executable  13 Jun 2022 09:52:53 GMT

Critical      44d88612fea8a8f36de82e1278abb02f  Executable  13 Jun 2022 09:52:38 GMT

RISKY DOMAINS, URLS, AND IPS

Top Detected Risky Domains, URLs, and IPs by Count

These are the top risky domains, URLs, and IPs ATP Cloud detected, by the number of times access was attempted. These should be investigated to determine if they should be blocked to secure the network.

[Bar chart: getwanip.com; x-axis: Count]

Most Active Users for Risky Domains, URLs, and IPs by Count

These are the users who are most active in attempting to access risky domains, URLs, and IPs, by the number of times access was attempted. It is important to investigate these users' activity and block or quarantine them from the network.

No Active Users for Risky Domains, URLs or IPs


Top Detected Risky Domains, URLs, and IPs by Threat Level


Domain, URL, and IP  First Accessed            Description     Count  Threat Level
getwanip.com         14 Jun 2022 04:55:15 GMT  Eicar:Testfile  15     Critical

EMAIL

Actions Taken

These are the actions taken for scanned email.

No Threats Detected

High-Risk Email Data

Email Attachments with Malware: 0
Risky Senders: 0


Malicious SMTP Email by Count


These are the emails scanned over the SMTP protocol that were found to be malicious.

No Malicious Email Attachments Detected

Malicious IMAP Email by Count


These are the emails scanned over the IMAP protocol that were found to be malicious.

No Malicious Email Attachments Detected


Top Risky File Categories Detected for Email Attachments


These are the top risky file categories detected among files received as email attachments.

No Malicious Email Attachments Detected

Top Risky Email Attachments Detected by Count


These are the top risky files from email attachments detected. It is important to investigate the files and decide if they and/or the email sender need to be blocked in order to secure the network.

Threat Level MD5 File Hash Category Count First Downloaded

No Malicious Email Attachments Detected


Top Users Receiving Risky Email Attachments


These are the top users receiving risky file attachments sent via email. These files have been identified as risky and should be investigated to determine if they and/or the email sender should be blocked to secure the network.

No Malicious Email Attachments Detected

Top Risky Email Attachments Detected per Top Users


These are the top users and their most risky file attachments. It is important to investigate these users' activity and block or quarantine them from the network. You should also investigate any subsequent downloads by these users and block the senders of the email attachments.

Threat Level MD5 File Hash Category Date Downloaded

No Malicious Email Attachments Detected


Top Risky Email Sender Domains by Count


These are the top risky sender domains based on the threat level of file attachments sent in email.

No Malicious Email Attachments Detected

Top Sender Domains of Risky File Attachments by Count


These are the top sender domains of risky file attachments, with the count of how many times their file attachments were detected. It is important to investigate these sender domains' activity and block them from the network. Also, investigate blocking any downloads of the risky files.

Threat Level MD5 File Hash First Downloaded

No Malicious Email Attachments Detected


Actions on SMTP Malicious Email by Count


These are the actions taken for malicious emails using the SMTP protocol.

No Threats Detected

Actions on IMAP Malicious Email by Count


These are the actions taken for malicious emails using the IMAP protocol.

No Threats Detected

DEVICES

Zero Submissions
This is the list of devices that have not submitted files in the past 30 days.

Serial Number

No devices found under zero submission


Expiring Devices
This is the list of devices that will expire within 60 days.

Serial Number Expiry Date

No devices found expiring soon
