
Daily Update - 18th March 2018


1. OTRS 2018031823009903 has been raised for Brand Abuse alert reported by RSA.

http://online-axisbank.com


2. OTRS 2018031823009912 has been raised for Brand Abuse alert reported by RSA.

http://axismundionline.net


3. For OTRS tickets 2018030923004201 and 2018030923027768, the below URLs have been submitted to the Appsec team for validation.

https://play.google.com/store/apps/details?id=com.Labs.AllBankBalanceCheckD

https://play.google.com/store/apps/details?id=com.bank.account.barodaicicisbi


4. Weekly RSA & Netcraft Report (12th March to 18th March) has been prepared.


5. Analysis has been shared with the team via email for the below Akamai domain alerts.

www.liquiditybars.com.

yoggramonline.in.

odeasy.com.

a.doko.moe.

leadnibbler.com.

admission.fri3nds.in.


6. Weekly Akamai ETP report (10th March to 17th March) has been shared with the Infosec team via email for review.


7. Email has been sent to the Netsecom2 team regarding FireEye sensor health status. The issue is now resolved.


8. OTRS 2018031823015791 has been raised for SMB connections observed in the last 12 hours.


9. We have observed that one machine is infected with a virus. The logs are shared with the Infosec team for approval for installation of CB on the mentioned host.


10. Akamai has identified the below domains as suspicious:

colesaintjaimes{.}com{.}

vvrhhhnaijyj6s2m{.}onion{.}top{.}

a7uo{.}imgeng{.}in{.}revdn{.}net{.}

coaue{.}ml{.}

www{.}freecontent{.}stream{.}

Of these, the below domains were found to be malicious. Analysis for the malicious domains has been shared with the Infosec team.

colesaintjaimes{.}com{.}

coaue{.}ml{.}


11. Closed OTRS 2018031623001914 Netcraft ticket.


12. Closed below RSA tickets post confirmation.

2018031823009903

2018031823009912

2018031723043421

2018031723043403

2018031623045191

