Update



Daily Update - 5th March 2018


1. Found a suspicious file 'updater.exe' running on the system, but could not investigate as the system is in an offline state.


2. OTRS 2018030423003864 has been raised for the alert triggered for File share access in Smokescreen.


3. OTRS 2018030423004416 has been raised for the alert triggered using ICMP for Decoy access in Smokescreen.


4. OTRS 2018030423003784 has been raised for the Social site alert reported by RSA. The same has been forwarded to the marketing team for validation.

https://www.facebook.com/realvaluefinloan/


5. OTRS 2018030423006183 has been raised for the Rogue application alert reported by RSA. The same has been forwarded to the Appsec team for validation.

https://play.google.com/store/apps/details?id=com.gsinfotech.bankfinderdemo


6. The below 2 OTRS tickets have been raised for Phishing scam alerts reported by RSA, and RSA has already commenced the shutdown process.

2018030423006371 -- hxxp://mobilecrusherinc.com/1859687110/1384477095/ax11.php

2018030423006441 -- hxxp://soltierra.com.ar/1865852537/r061375x.php


7. OTRS 2018030423006692 has been raised for the Rogue application alert reported by RSA. The same has been submitted to RSA for takedown initiation. Also, the AXI-ISA-172 report has been created for the same.

hxxp://www.appszoom.com/android-app/all-bank-balance-enquiry-2018-bjqfrk.html


8. The below OTRS tickets have been raised for Social site alerts reported by Netcraft. The same have been forwarded to the marketing team for validation.

2018030423003097 -- https://www.facebook.com/Axis-Bank-Ltd-780131708840375/

2018030423003793 -- https://www.facebook.com/Icici-Bank-and-Axis-Bank-Home-Loans-156754451740365/

2018030423003855 -- https://www.facebook.com/axisbankhomeloanshyderabad/


9. Due to the persisting IPS sensor (DC-TPN-IPS01) log extraction issue (huge sensor data), was able to extract the data on a 1-day basis (1st JAN to 16th JAN).


10. Below are the OTRS tickets which have been closed post their confirmation.

2018030423003097 - Netcraft

2018030423003784 - RSA

2018030423003793 - Netcraft

2018030423003855 - Netcraft


11. OTRS 2018030423009144 has been raised for the Rogue application alert reported by RSA. The same has been submitted to RSA for takedown initiation. Also, the AXI-ISA-173 report has been created for the same.

http://www.appszoom.com/android-app/all-bank-finder-bjqgkj.html


12. OTRS 2018030423009153 has been raised for the Social site alert reported by Netcraft. The same has been forwarded to the marketing team for validation.

https://www.facebook.com/Axis-Bank-Credit-Card-Agents-in-Chennai-760488927432236/


13. OTRS 2018030423009706 has been raised for the Social site alert reported by Netcraft. The same has been forwarded to the marketing team for validation.

https://www.facebook.com/Axis-Bank-Ltd-411285312253466/


14. OTRS 2018030423009715 has been raised for the Social site alert reported by Netcraft. The same has been forwarded to the marketing team for validation.

https://www.facebook.com/Axis-Bank-Ltd-258956987479043/


15. OTRS 2018030423009921 has been raised for Phishing URL alert by Netcraft. The same has been submitted to RSA for takedown.

http://www.laquincaillerieduweb.com/images/axisb/indexx.html


16. OTRS 2018030423009939 has been raised for Phishing URL alert by Netcraft. The same has been submitted to RSA for takedown.

http://www.laquincaillerieduweb.com/images/axisb/xecure.php


17. OTRS 2018030423011702 has been raised for Phishkit Email alert by Netcraft.

uzoco53@gmail.com


18. OTRS 2018030423011739 has been raised for Phishkit archive alert by Netcraft. The same has been submitted to RSA for takedown.

http://www.laquincaillerieduweb.com/images/axisb.zip


19. Weekly RSA & NC Report (26 Feb to 04 March) has been prepared.


20. The below alerts were identified in Akamai Threat Protector and have already been reported to the infosec team for review. No further unique URLs/domains have been observed.

www{.}akamaietpmalwaretest{.}com{.}

allmobilesolutions{.}in{.}

web{.}stati{.}bid{.}

freecontent{.}stream{.}
