daily



1. OTRS 2018051223015074 has been raised for the TeamViewer application found running on one of the systems. The observation and analysis report has been shared with the IR team with the necessary recommendations - Closed.

Incident Report AXI-ISA-354 has been created for the same.


2. Smokescreen_VM TI Weekly report (6th May to 12th May) has been prepared and shared to the team - Closed.

 

3. OTRS has been raised for the below application URL reported by RSA, observed as hosting a phishing scam against Axis Bank. Submitted for takedown initiation to RSA - Closed.

 2018051223004237 -- hxxp://axisredeem.com/

Incident Report AXI-ISA-355 has been created for the same.


4. OTRS has been raised for the below rogue application reported by RSA. We have submitted it for takedown initiation to RSA - Closed.

2018051223000375 -- hxxps://m.downloadatoz.com/vector/in.livepages.vectorapp/  

Incident Report AXI-ISA-353 has been created for the same.


6. OTRS has been raised for Brand Abuse alerts reported by Netcraft - Closed.

2018051223018704 -- fip.axiscapital.com

2018051223018875 -- m-edealing.axiscap.in


7. OTRS 2018051223029989 has been raised for below URL reported by Netcraft as social site detection page. The page has been submitted to marketing team for validation - Closed.

hxxps://instagram.com/bank.axis


8. OTRS 2018051223026535 has been raised for brand abuse alert reported by RSA. The URL is currently offline - Closed.

hxxp://axiservice.uk


9. OTRS 2018051223029078 has been raised for brand abuse alert reported by RSA. The URL is currently offline - Closed.

hxxp://directaxisloansonline.co.za


10. OTRS 2018051223029211 has been raised for brand abuse alert reported by RSA. The URL is currently offline - Closed.

hxxp://axisbank.gdn


11. OTRS 2018051223026544 has been raised for below rogue application alert reported by RSA. The same has been sent to Appsec team for validation - Open.

hxxps://play.google.com/store/apps/details?id=com.gyaniapps.netbankingforallbanks


12. OTRS 2018051223031823 has been raised for the below rogue applications, and we have submitted them for takedown initiation to RSA. Incident Report AXI-ISA-356 has been created for the same - Closed.

hxxps://all-in-one-recharge.en.aptoide.com/

hxxps://earning-mafia-aahana.en.aptoide.com/

hxxps://planhound.en.aptoide.com/


13. OTRS 2018051223031832 has been raised for the below rogue applications, and we have submitted them for takedown initiation to RSA. Incident Report AXI-ISA-356 has been created for the same - Closed.

hxxps://recharged-in.en.aptoide.com/

hxxps://couponhaat.en.aptoide.com/

hxxps://mcharge.en.aptoide.com/


14. OTRS 2018051223031841 has been raised for the below rogue applications, and we have submitted them for takedown initiation to RSA. Incident Report AXI-ISA-356 has been created for the same - Closed.

hxxps://freemobilerecharge.en.aptoide.com/

hxxps://netsecure.en.aptoide.com/

hxxps://axis-mobile.en.aptoide.com/


15. Akamai Weekly Report (06th May to 12th May 2018) has been prepared and shared to the team - Closed.

 

16. OTRS 2018051223031574 has been raised for ‘Suspicious:Trojan.Script.Generic’ alert reported by Bluecoat for a system - Closed.

We have correlated the same with other technologies for the last 7 days of logs in QRadar; the target URL www[.]ganpatuniversity[.]ac[.]in is not malicious over the internet, and we have found nothing suspicious either. Further, we have shared our necessary recommendations with the IR team.


17. OTRS 2018051223031592 has been raised for ‘Suspicious:Trojan.Script.Generic’ alert reported by Bluecoat for a system - Closed.

We have correlated the same with other technologies for the last 7 days of logs in QRadar; the target URL www[.]ganpatuniversity[.]ac[.]in is not malicious over the internet, and we have found nothing suspicious either. Further, we have shared our necessary recommendations with the IR team.


19. OTRS 2018051123050715 had already been raised to the IR team for CB agent installation on the suspected systems seen communicating with suspicious cryptojacking domains - Open.

The ticket is currently in the Work in Progress state at the IR team's end.

18. The below tickets have been closed post their confirmation:

Netcraft - 2018051223029989

RSA-

2018051223026535

2018051223000375

2018051223029078

2018051223029211

2018051223004237
