Current Events

This is a collection of rules for current events and rapid response to developing situations.

Suspicious DNS Request - 3CX Desktop Supply Chain Compromise

Description

This detection identifies DNS requests for domains associated with the threat actors who compromised 3CX Desktop and released trojaned versions of the installer.

Recommendation

Block the domains in question and review the alert. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Supply Chain Compromise - T1195
  • Compromise Software Supply Chain - T1195.002

Suspicious Process - 3CX Desktop Supply Chain Compromise

Description

This detection identifies 3CX Desktop binaries reported to have been trojaned by a malicious actor.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Supply Chain Compromise - T1195
  • Compromise Software Supply Chain - T1195.002

Suspicious Web Request - 3CX Desktop Supply Chain Compromise

Description

This detection identifies web requests to domains associated with the threat actors who compromised 3CX Desktop and released trojaned versions of the installer.

Recommendation

Block the domains in question and review the alert. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Supply Chain Compromise - T1195
  • Compromise Software Supply Chain - T1195.002