
Daily Update - 11th March 2018


1. We have received the below daily DNS alerts. OTRS 2018031123000068, 2018031123000077, 2018031123008275 & 2018031123008284 have been raised for the same.

hxxp://axisbankremit.com/

hxxp://www.iconnect.ai/

hxxp://www.championeerscontracts.com/

hxxp://online-axisbank.com/


2. OTRS 2018031123008293 has been raised for Brand abuse alert by Netcraft.

hxxp://axiscapitalinc.org

hxxp://axiscapitalllc.com


3. OTRS 2018031123008301 has been raised for Brand abuse alert by Netcraft.

hxxp://axiscapitalloan.com

hxxp://axiscapitalmanagement.net


4. OTRS 2018031123008319 has been raised for Brand abuse alert by Netcraft.

hxxp://axiscapitalmarkets.com

hxxp://axiscapitalmgmt.com


5. OTRS 2018031123008328 has been raised for Brand abuse alert by Netcraft.

hxxp://axiscapitalpartners.com

hxxp://axiscapstone.com


6. OTRS 2018031123008337 has been raised for Brand abuse alert by Netcraft.

hxxp://axisfinance.be

hxxp://axisfinance.co.in


7. OTRS 2018031123008346 has been raised for Brand abuse alert by Netcraft.

hxxp://axisfinance.co.uk

hxxp://axisfinance.co.za


8. OTRS 2018031123008355 has been raised for Brand abuse alert by Netcraft.

hxxp://axisfinance.com

hxxp://axisfinance.com.au


9. OTRS 2018031123008631 has been raised for Brand abuse alert by Netcraft.

hxxp://axisfinance.in

hxxp://axisfinance.mobi


10. Closed the following RSA tickets post their confirmation:

2018030923039433

2018030923039602

2018030923038363


11. Closed the following Netcraft tickets post their confirmation:

2018031023003852

2018031023007545

2018031023010317

2018031023011094

2018031023011101

2018031023011558      

2018031023011567

2018031023011665

2018031023011674

2018031023012039

2018031123000068


12. OTRS has been raised for Brand Abuse alert reported by RSA.

2018031123016051 -- http://axis.direct


13. OTRS has been raised for alert observed on port 443/tcp in Smokescreen.

2018031123016061


14. Email has been sent to Netsecom2 team regarding FireEye sensor health status.


15. IPS sensor logs for sensor “DR-INTDMZ-IPS02” have been extracted for 1st Jan 2018 to 5th Feb 2018, and the data has been saved on the local machine (AB-NPC1-TRAIN3) at path: D:\IPS\DR-INTDMZ-IPS02\FEB 2018. Unable to pivot the same due to huge data size.


16. Weekly RSA & NC report (5th Mar to 11th Mar) has been prepared.


17. Found a suspicious file 'updater.exe' running on the system AB-0921-D00006, but couldn't investigate as the system is in an offline state.


18. The below suspicious domain and its analysis have been shared with the Infosec team.

game-oldies[.]com[.]

