Daily Update - 11th March 2018
1. We have received the below daily DNS alerts; OTRS 2018031123000068, 2018031123000077, 2018031123008275 and 2018031123008284 have been raised for the same:
hxxp://axisbankremit.com/
hxxp://www.iconnect.ai/
hxxp://www.championeerscontracts.com/
hxxp://online-axisbank.com/
2. OTRS 2018031123008293 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axiscapitalinc.org
hxxp://axiscapitalllc.com
3. OTRS 2018031123008301 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axiscapitalloan.com
hxxp://axiscapitalmanagement.net
4. OTRS 2018031123008319 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axiscapitalmarkets.com
hxxp://axiscapitalmgmt.com
5. OTRS 2018031123008328 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axiscapitalpartners.com
hxxp://axiscapstone.com
6. OTRS 2018031123008337 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axisfinance.be
hxxp://axisfinance.co.in
7. OTRS 2018031123008346 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axisfinance.co.uk
hxxp://axisfinance.co.za
8. OTRS 2018031123008355 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axisfinance.com
hxxp://axisfinance.com.au
9. OTRS 2018031123008631 has been raised for a brand abuse alert reported by Netcraft:
hxxp://axisfinance.in
hxxp://axisfinance.mobi
10. Closed the following RSA tickets after their confirmation:
2018030923039433
2018030923039602
2018030923038363
11. Closed the following Netcraft tickets after their confirmation:
2018031023003852
2018031023007545
2018031023010317
2018031023011094
2018031023011101
2018031023011558
2018031023011567
2018031023011665
2018031023011674
2018031023012039
2018031123000068
12. OTRS has been raised for a brand abuse alert reported by RSA:
2018031123016051 -- http://axis.direct
13. OTRS has been raised for an alert observed on port 443/tcp in Smokescreen:
2018031123016061
14. An email has been sent to the Netsecom2 team regarding the FireEye sensor health status.
15. IPS sensor logs for sensor "DR-INTDMZ-IPS02" have been extracted for 1st Jan 2018 to 5th Feb 2018, and the data has been saved on the local machine (AB-NPC1-TRAIN3) at path: D:\IPS\DR-INTDMZ-IPS02\FEB 2018. Unable to pivot the same due to the huge data size.
16. The weekly RSA & NC report (5th Mar to 11th Mar) has been prepared.
17. Found a suspicious file 'updater.exe' running on the system AB-0921-D00006, but couldn't investigate as the system is in an offline state.
18. The below suspicious domain and its analysis have been shared with the Infosec team:
game-oldies[.]com[.]