<html><head>
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; } body { padding: 0px; margin: 0px; font-family: Arial; font-size: 12px; color: rgb(0, 0, 0); } .lrm { margin-left: 50px; margin-right: 50px; } .mep { padding-left: 50px; } .shd1 { padding-right: 30px; } .shd2 { padding-right: 40px; } a:link { color: rgb(0, 102, 255); } hr.hr_bottom { color: gray; } h3 { color: rgb(234, 189, 0); font-family: "small-caps bold"; } .Title { color: rgb(234, 189, 0); font-weight: bold; } .bold_detail { font-weight: bold; } .td_first { color: rgb(119, 119, 119); width: 3.5cm; } .ip_blue { color: blue; } .notice { font-size: x-small; } .noticeDetail { font-size: xx-small; } .hrStandard { color: rgb(255, 223, 87); } .maxTest { font-size: 10px; margin-top: 5px; } content { margin-left: 50px; margin-right: 50px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Gene Shin<br>
<b>Sent:</b> Thursday, March 9, 2017 1:10 PM<br>
<b>To:</b> AES US SBU ISOC Cyber Security<br>
<b>Subject:</b> FW: Critical - Symantec Endpoint Reported Infection - Incident 97011834</font>
<div> </div>
</div>
<div><strong>
<div><font face="Tahoma" color="#000000" size="2"> </font></div>
</strong>
<hr tabindex="-1" style="display:inline-block; width:98%">
<font face="Tahoma" size="2"><b>From:</b> SOC Notifications<br>
<b>Sent:</b> Thursday, March 9, 2017 1:10:24 PM (UTC-05:00) Eastern Time (US & Canada)<br>
<b>To:</b> Gene Shin<br>
<b>Subject:</b> Critical - Symantec Endpoint Reported Infection - Incident 97011834<br>
</font><br>
<div></div>
<div>
<table cellpadding="0px" cellspacing="0px" width="100%" height="40px" style="padding:0px; margin:0px">
<tbody>
<tr>
<td background="cid:pageHeaderBG.gif" height="40px">
<table cellpadding="0px" cellspacing="0px" width="686px" height="40px" style="padding:0px; margin:0px">
<tbody>
<tr>
<td background="cid:prodNameBG.gif" height="40px">
<table cellpadding="0px" cellspacing="0px" width="364px" height="27px" style="padding:0px; margin:0px">
<tbody>
<tr>
<td background="cid:HeaderLogo.gif" height="27px"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table class="lrm ">
<tbody>
<tr>
<td align="bottom">
<table>
<tbody>
<tr>
<td></td>
</tr>
</tbody>
</table>
<span class="Title">INCIDENT DETAILS</span>
<hr class="hrStandard" size="1">
<table border="0">
<tbody>
<tr>
</tr>
<tr>
<td class="td_first">Incident #: </td>
<td class="bold_detail">97011834</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Severity: </td>
<td>Critical</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Correlation: </td>
<td>No</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Status: </td>
<td>New</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">PreviousStatus: </td>
<td>-</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Reference #: </td>
<td></td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Assigned To: </td>
<td>AES Corporation</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Created: </td>
<td>3/9/2017 6:08:46 PM (GMT)</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Category: </td>
<td>Malicious Code (<b>46 incident(s) </b>in the past 30 days) </td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Classification: </td>
<td>Symantec Endpoint Reported Infection</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Description: </td>
<td class="Blockquote">This incident is a real-time notification of an infected host detected on your monitored network. This infection was identified by analyzing your Symantec Antivirus or Endpoint Protection log data for indications of an uncorrected threat
detected on a monitored host. <br>
<br>
When malware and other types of threats are detected by Antivirus or Endpoint Security, the application attempts to remove or quarantine the infected files. At times, this process cannot be completed successfully which leaves the host infected. This incident
represents a case where the threat detected was not successfully removed or quarantined from your host.<br>
<br>
A malware infected host residing on your protected network poses a risk to your organization. Many types of malware are multi-functional and have network propagation, remote control, data theft and various other capabilities. Additionally, security risks such
as spyware and adware introduce unwanted and potentially dangerous code into your organization. Many variants have the capability to download updated code to extend functionality and can cause the loss of host availability due to unauthorized system resource
modifications. <br>
</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">Analyst assessment: </td>
<td>The host identified as the source IP address in this incident has been infected with a threat that could not be corrected by your endpoint antivirus (AV) application. The SOC recommends triaging this host for malware infection.<br>
<br>
The AV threats listed on the host below were identified by the SOC as uncorrected:
<br>
- Trojan.Gen.2 on CHAN20-E6330PR - this threat has been observed on this host once in the past 7 days.<br>
<br>
Symantec's Security Response site can be used to access detailed write-ups including removal instructions for the threat identified above. Simply search for the threat using the link shown below to access additional information:<br>
<br>
- Symantec Security Response<br>
http://www.symantec.com/security_response/<br>
<br>
AV system scans are sometimes insufficient to remediate malware infections. Please see Symantec's process for responding to active threats on a network:<br>
<br>
- Best Practices for Troubleshooting Viruses on a Network<br>
http://www.symantec.com/business/support/index?page=content&id=TECH122466<br>
<br>
Symantec Power Eraser (SPE) is the latest Symantec Recovery tool. The tool is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected a system and are difficult to remediate.
<br>
<br>
- How to run Symantec Power Eraser with the SymDiag utility<br>
https://support.symantec.com/en_US/article.TECH203683.html<br>
<br>
Please visit the SII web portal for a list of all currently infected hosts requiring remediation. This information can be found in the Reports section under the Managed Endpoint Infections Report.<br>
<br>
Questions or requests for further assistance related to this incident can be directed to the SOC's Analysis team.
</td>
</tr>
<tr>
<td class="td_first" nowrap="true" valign="top">LatestActivity: </td>
<td>CustomerSeverity :: Critical</td>
</tr>
<tr>
<td colspan="2"><br>
<a href="https://mss.symantec.com/PortalNextGen/Home/IncidentsDetails?IncidentId=97011834&CreatedDate=03/09/2017%2018:08:48.793">View Full Incident Details >>
</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<span class="Title">SOURCE DETAILS</span>
<hr class="hrStandard" size="1">
<table>
<tbody>
<tr>
<td class="td_first">Source IP: </td>
<td><a href="https://mss.symantec.com/PortalNextGen/Home/Ipdetails?ip=10.249.174.167">10.249.174.167</a> (<b>1 incident(s)
</b>in the past 30 days) </td>
</tr>
<tr>
<td class="td_first">Country: </td>
<td>Reserved</td>
</tr>
<tr>
<td class="td_first">Organization(s): </td>
<td><i>No Organizations Found.</i><br>
</td>
</tr>
<tr>
<td colspan="2"><br>
</td>
</tr>
</tbody>
</table>
<br>
<span class="Title">DESTINATION DETAILS</span>
<hr class="hrStandard" size="1">
<table>
<tbody>
<tr>
<td nowrap="true" class="td_first">Organization(s): </td>
<td><i>No Organizations Found.</i></td>
</tr>
<tr>
<td colspan="2"><br>
</td>
</tr>
</tbody>
</table>
<br>
<span class="Title">ASSETS INVOLVED</span>
<hr class="hrStandard" size="1">
<table>
<tbody>
<tr>
<td>DMRP01-IS01-PR [AESCORP-MEP-112569] </td>
</tr>
<tr>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<span class="Title">CORRELATED EVENTS</span>
<hr class="hrStandard" size="1">
<span class="Title">KEY EVENTS</span>
<table>
<tbody>
<tr>
<td nowrap="true" class="td_first">Event#: </td>
<td>13794917616</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Event Name: </td>
<td>Trojan.Gen.2</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Event Type: </td>
<td>Symantec AV Alert</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Created: </td>
<td>3/9/2017 6:08:12 PM (GMT)</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Source IP: </td>
<td class="ip_blue"><a href="https://mss.symantec.com/PortalNextGen/Home/Ipdetails?ip=10.249.174.167">10.249.174.167</a></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Country: </td>
<td>Reserved</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Threat Name: </td>
<td></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Malware MD5 Hashes: </td>
<td></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Log Count: </td>
<td>2<br>
</td>
</tr>
<tr>
<td colspan="2" height="6"></td>
</tr>
<tr>
<td colspan="2" class="mep" align="left"><span class="Title">Source Host Details</span>
<table>
<tbody>
<tr>
<th class="shd1" align="left">Host Name</th>
<th class="shd1" align="left">Domain </th>
<th class="shd2" align="left">User(s)</th>
</tr>
<tr>
<td class="shd1" align="left">CHAN20-E6330PR</td>
<td class="shd1" align="left">aesmcac.local</td>
<td class="shd2" align="left">SYSTEM</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td height="12"></td>
</tr>
</tbody>
</table>
<br>
<span class="Title">OTHER EVENTS</span>
<table>
<tbody>
<tr>
<td nowrap="true" class="td_first">Event#: </td>
<td>13790181855</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Event Name: </td>
<td>Built-in rule</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Event Type: </td>
<td>Symantec Application/Device Control Alert</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Created: </td>
<td>3/9/2017 1:04:46 PM (GMT)</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Source IP: </td>
<td class="ip_blue"><a href="https://mss.symantec.com/PortalNextGen/Home/Ipdetails?ip=10.249.174.167">10.249.174.167</a></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Country: </td>
<td>Reserved</td>
</tr>
<tr>
<td nowrap="true" class="td_first">Threat Name: </td>
<td></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Malware MD5 Hashes: </td>
<td></td>
</tr>
<tr>
<td nowrap="true" class="td_first">Log Count: </td>
<td>1<br>
</td>
</tr>
<tr>
<td colspan="2" height="6"></td>
</tr>
<tr>
<td colspan="2" class="mep" align="left"><span class="Title">Source Host Details</span>
<table>
<tbody>
<tr>
<th class="shd1" align="left">Host Name</th>
<th class="shd1" align="left">Domain </th>
<th class="shd2" align="left">User(s)</th>
</tr>
<tr>
<td class="shd1" align="left">CHAN20-E6330PR</td>
<td class="shd1" align="left">aesmcac.local</td>
<td class="shd2" align="left">manpower.echu</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td height="12"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<div class="lrm"><br>
<hr size="7">
<table>
<tbody>
<tr>
<td align="center" class="notice"><b>NOTICE OF CONFIDENTIALITY</b></td>
</tr>
<tr>
<td class="noticeDetail">This Email message and its attachments (if any) are intended solely for the use of the addressee hereof. In addition, this message and the attachments (if any) may contain information that is confidential, privileged and exempt from
disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. Delivery of this message to any person other
than the intended recipient is not intended to waive any right or privilege. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system.
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
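<p>The notification above describes how the SOC raises a "Symantec Endpoint Reported Infection" incident: it reads Symantec Endpoint Protection risk-log data and flags any host where the AV detected a threat but did not clean, quarantine or delete it. The script below is an added example of that detection logic and is not code from the SOC, Symantec or AES. The CSV column layout, the sample rows (built around the host, user and threat name in this incident) and the set of "corrected" action strings are all constructed assumptions; a real SEPM risk-log export carries more columns and its "Actual Action" values should be checked against your SEPM version before using this against production data.</p>

```python
"""Flag hosts with uncorrected Symantec Endpoint Protection (SEP) detections.

Added example, not code from the SOC notification or from Symantec. The log
layout below is a constructed, simplified CSV (assumed column names); real SEPM
risk-log exports have more columns and may use different action strings.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SEP risk-log rows. Column names are an assumption.
# The first two rows model the incident above: Trojan.Gen.2 on CHAN20-E6330PR,
# logged twice (the notification shows a log count of 2) and left uncorrected.
SAMPLE_LOG = """\
event_time,computer_name,domain,user_name,risk_name,requested_action,actual_action
2017-03-09T18:07:55Z,CHAN20-E6330PR,aesmcac.local,SYSTEM,Trojan.Gen.2,Clean,Left alone
2017-03-09T18:08:01Z,CHAN20-E6330PR,aesmcac.local,SYSTEM,Trojan.Gen.2,Quarantine,Left alone
2017-03-09T17:40:10Z,WS-HR-014,aesmcac.local,jdoe,Trojan.Gen.2,Clean,Quarantined
2017-03-08T09:12:33Z,WS-FIN-022,aesmcac.local,asmith,W32.Downadup,Clean,Cleaned by deletion
2017-02-20T11:00:00Z,WS-FIN-022,aesmcac.local,asmith,Trojan.Gen.2,Quarantine,Left alone
"""

# Actions that mean the detected file was neutralised (assumed set). Anything
# else ("Left alone", "Access denied", "Pending restart", ...) leaves the
# detection in place and is treated as uncorrected, as the SOC text describes.
CORRECTED_ACTIONS = {"cleaned", "quarantined", "deleted", "cleaned by deletion"}

# Creation time of the incident above (GMT), used as "now" for the windows.
INCIDENT_CREATED = datetime(2017, 3, 9, 18, 8, 46)


def parse_risk_log(text):
    """Parse CSV text into dicts; event_time becomes a naive UTC datetime."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["event_time"] = datetime.strptime(row["event_time"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def is_uncorrected(row):
    """True when the AV's final action did not neutralise the file."""
    return row["actual_action"].strip().lower() not in CORRECTED_ACTIONS


def uncorrected_in_window(rows, now, window_days=7):
    """Rows with an uncorrected action inside the last window_days."""
    cutoff = now - timedelta(days=window_days)
    return [r for r in rows if r["event_time"] >= cutoff and is_uncorrected(r)]


def build_incidents(rows, now, window_days=7):
    """One incident per host with an uncorrected threat in the window.

    SEP often logs the same detection several times, so threats are reported as
    distinct risk names with their log counts instead of one incident per row.
    """
    by_host = defaultdict(lambda: {"threats": defaultdict(int), "users": set()})
    for r in uncorrected_in_window(rows, now, window_days):
        host = by_host[r["computer_name"]]
        host["threats"][r["risk_name"]] += 1
        host["users"].add(r["user_name"])
    return [
        {
            "host": host,
            "severity": "Critical",
            "threats": dict(data["threats"]),
            "users": sorted(data["users"]),
        }
        for host, data in sorted(by_host.items())
    ]


if __name__ == "__main__":
    for incident in build_incidents(parse_risk_log(SAMPLE_LOG), INCIDENT_CREATED):
        print(incident)
```

Run as-is it reports only CHAN20-E6330PR: the WS-HR-014 detection was quarantined, WS-FIN-022's recent detection was cleaned, and its older "Left alone" row falls outside the 7-day window the notification uses ("observed on this host once in the past 7 days"). When adapting this to a real export, widen the window for the 30-day category counts the portal shows, and treat the action string list as the part most likely to differ between SEP versions.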
</body>
</html>