Description

Coronavirus-related Malicious Monitoring package detects security threats that are related to coronavirus.

Following use cases are included in this package:

- Coronavirus related suspicious files executed:

  • Macro Embedded on Coronavirus Office Document
  • Suspicious Coronavirus File Executed On Host

- Coronavirus related Suspicious traffic and email-based on intelligence Datafeed from MISP CIRCL

  • Dangerous Browsing to a Suspicious Coronavirus URL
  • Email Sent to Suspicious Coronavirus Address
  • Inbound Traffic from a Coronavirus Suspicious Address
  • Inbound Traffic from a Coronavirus Suspicious Domain
  • Outbound Traffic to a Coronavirus Suspicious Address
  • Outbound Traffic to a Coronavirus Suspicious Domain
  • Received Email from Coronavirus Address
  • Suspicious Coronavirus File Hash Activity

-Coronavirus Detected by Vendor

Following MITRE ATT&CK Techniques are covered as well:

  • T1048-Exfiltration Over Alternative Protocol
  • T1064-Scripting
  • T1190-Exploit Public-Facing Application
  • T1192-Spearphishing Link
  • T1193-Spearphishing Attachment
  • T1204-User Execution


Minimum Requirements

ESM 6.9.1 and above

This package is dependent on ESM Default Content - Threat Intelligence Platform package, which can be downloaded from https://marketplace.microfocus.com/arcsight/content/esm-default-content

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
Coronavirus-related Malicious Monitoring 1.0.0.0
99.3 KB
  |  
Apr 14, 2020
More info Less info
Product compatibility
ESM
Version 7.4 · 7.2 · 7.0
Version 6.9.1 · 6.11.0
Release notes

First release version of Coronavirus-related Malicious Monitoring package.

Following use cases are included in this package:

- Coronavirus related suspicious files executed:

  • Macro Embedded on Coronavirus Office Document
  • Suspicious Coronavirus File Executed On Host

- Coronavirus related Suspicious traffic and email based on intelligence Datafeed from MISP CIRCL

  • Dangerous Browsing to a Suspicious Coronavirus URL
  • Email Sent to Suspicious Coronavirus Address
  • Inbound Traffic from a Coronavirus Suspicious Address
  • Inbound Traffic from a Coronavirus Suspicious Domain
  • Outbound Traffic to a Coronavirus Suspicious Address
  • Outbound Traffic to a Coronavirus Suspicious Domain
  • Received Email from Coronavirus Address
  • Suspicious Coronavirus File Hash Activity

-Coronavirus Detected by Vendor

Following MITRE ATT&CK Techniques are covered as well:

  • T1048-Exfiltration Over Alternative Protocol
  • T1064-Scripting
  • T1190-Exploit Public-Facing Application
  • T1192-Spearphishing Link
  • T1193-Spearphishing Attachment
  • T1204-User Execution
Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the Micro Focus Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2021-6-2-4227 | Fri Jun 18 00:18:29 PDT 2021