Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace
default.png

Malware Threat Detection

Malware Threat Detection provides a comprehensive package to detect any malware infection in just a few simple steps. A new variant of Dharma Ransomware has been discovered, where a .cmb extension is appended to encrypted drives. 

Dharma Ransomware attacks are carried out by malicious actors scanning for devices running Remote Desktop Protocol Services (RDP), primarily TCP port 3389, and brute-forcing the password to the device. The ransomware is then installed manually by the attacker and configured to execute automatically when the user logs in to Windows, encrypting files created subsequent to the last execution.  

Once a device is infected, files are encrypted and a .cmb extension is appended following the format "[original file name].id-[id].[email].cmb", where [email] is the attacker's email address which the victim is urged to contact, to recover encrypted data.

It provides a comprehensive package to detect any malware infection in just a few simple steps.

The list of IoCs required to run Malware Threat Detection is as follows:

S.N 
List Name
Values
1 MALWARE_HASH List of all hash values of malicious files and applications
2 MALWARE_FILE List of all malicious files and applications
3 MALWARE_EMAIL List of all email addresses of the known attacker
4 MALWARE_IP List of all malicious IP addresses
5 MALWARE_URL List of all malicious URLs


Malware Threat Detection detects the following malware:

  • Dharma Ransomware
  • Oilrig OopsIE malware and SpyNote mobile malware
  • DarkHydrus
  • APT-C-23 and Micropsia
  • QUADAGENT
  • EmissaryPanda
  • Oilrig - DMI Connect
  • PRB-Backdoor and its connection to Oilrig
  • myetherwallet impersonations
  • “SilentLibrarian” (Iranian threat actor Mabna Institute)
  • Arid Viper
  • Malicious Invoice of Telcel Mexican Telecommunication Company
Release Details
Version:3.1.0
Release date:August 15, 2018
Supported On:Logpoint v6.0.0 and later
SHA 256: 678ce5fa55c99f523dfe0a8ec0af71e3b5a2f310998d8d28bc7e7145b0cf94d5
Download

Package Details

Malware Threat Detection contains:

  1. Dashboard Package
    • LP_Malware Threat Detection
  2. Alert Packages
    • LP_Malware Threat Emails Sent to Attacker
    • LP_Malware Threat Connection to Malicious Destination
    • LP_Malware Threat Connection from Malicious Source
    • LP_Malware Threat Affected Host
    • LP_Malware Threat Connection to Malicious URL
  3. KB Lists
    • MALWARE_EMAIL
    • MALWARE_FILE
    • MALWARE_IP
    • MALWARE_HASH
    • MALWARE_URL

Installation 

To install the Malware Threat Detection:

  1. Download the .pak from the Download link above.
  2. Add the required Malware Threat Detection server as a device in LogPoint.
  3. Create a processing policy.
  4. Assign the policy to the device.
  5. Add the dashboards.

Supported Version

Malware Threat Detection

Log Source Requirements

  • Windows Server/Integrity Scanner
    • It detects malicious file installation and malware-infected hosts.
  • Mail Server
    • It detects any emails sent to the malicious address.
  • Firewall
    • It detects the connection to and from malicious listed sources.
  • Web Server/Proxy/Firewall
    • It detects the connection to malicious domains and URLs. 

Support

If you have any queries or require assistance, create a support ticket.

Best regards,

Logo_Dark.png

Comments

Please sign in to leave a comment.

Follow

Related articles

  • BitDefender
  • Malwarebytes
  • Ransomware Analytics
  • Microsoft ATA
  • MacToVendor Process Plugin
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.