Current Events
This is a collection of rules for current events and rapid response to developing situations.
Suspicious DNS Request - 3CX Desktop Supply Chain Compromise
Description
This detection identifies DNS requests for domains associated with threat actors that have compromised 3CX Desktop and released trojaned versions of the installer.
Recommendation
Block the domains in question. Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Supply Chain Compromise - T1195
- Compromise Software Supply Chain - T1195.002
Suspicious Process - 3CX Desktop Supply Chain Compromise
Description
This detection identifies binaries reported to be compromised versions of 3CX Desktop that were trojaned by a malicious actor.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Supply Chain Compromise - T1195
- Compromise Software Supply Chain - T1195.002
Suspicious Web Request - 3CX Desktop Supply Chain Compromise
Description
This detection identifies web requests to domains associated with threat actors that have compromised 3CX Desktop and released trojaned versions of the installer.
Recommendation
Block the domains in question. Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Supply Chain Compromise - T1195
- Compromise Software Supply Chain - T1195.002