Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Need Help For Unusual Case
We have been going through an unusual experience recently: 5 of our servers were reported by EDR as infected with “Trojan.Nancrat Activity 4”. However, after a full scan nothing was detected. After checking the Event Viewer, it mentioned that outgoing traffic had been blocked for external IP “126.96.36.199”, and later for a different IP after we blocked the first one.
After running the “Symantec diagnostic tool”, it detected safe files that we have been using for the last 2 years and whose last change was last year. We uploaded the files to Symantec and they said they are clean and they have no clear explanation for what happened. My only question in this situation is: does that mean our network is compromised, as there is traffic to an external IP from our servers? And how to identify that? We ran the below, with no clear indication of anything:
1- Full Scan with Symantec
2- Full Scan with ESET Online Scanner
3- Full Scan with Malwarebytes
4- Full Scan with Symantec Diagnostic
5- Check Event Viewer
6- Run scan in Safe Mode
7- Upload infected files to Symantec, and they are clean.