

Daily Update - 26th March 2018


1. Weekly RSA & NC report (19th Mar to 25th Mar) has been shared with the infosec team.


2. Akamai Weekly Threat report (18th Mar to 24th Mar) has been prepared and shared with Ashutosh sir and team.


3. OTRS has been raised for installing the CB agent on one of the systems for suspicious communication observed in Akamai ETP.

Domain: Coinpot.co


4. OTRS 2018032623022356 has been raised for a rogue application reported by RSA. The same has been submitted to the Appsec team for validation.

https://play.google.com/store/apps/details?id=com.videotech.bankbalance.bankbalancecheck


5. Carbon Black agent installation file has been shared with the FM server support team for deploying the CB agent on servers.


6. S K Prasad sir's machine analysis has been shared with Sir and team. The CB agent is reflecting on the (SKRC Prasad Sir) system, but the system was offline. Investigation will start once the system comes online.


7. OTRS has been raised for an alert observed in Smokescreen for accessing a decoy via ICMP.

2018032623029224


8. The below RSA tickets have been closed post confirmation.

2018032123030052

2018032223006005

2018032323054881

2018032423026712

2018032523008427

2018032523018391

2018032523011021

2018032523011039


9. OTRS 2018032623043324 has been raised for a Bluecoat alert observed for Malware Name: 'PUS:Client-SMTP.Win32.Blat.a'.


10. OTRS 2018032623046091 has been raised for an infection match alert on Fireeye, Alert Malware Type: Phish.URL.


11. OTRS 2018032623047008 has been raised for Phishing alert identified by RSA.

hxxp://www.inimax.co.kr/wp-admin/1996022873/kdqadvh.php


12. OTRS 2018032623047017 has been raised for Phishing alert identified by RSA.

hxxp://louyet.be/1942244238/1769263104/ax11.php


13. OTRS 2018032623047464 has been raised for Phishing alert identified by RSA.

hxxp://darylanderson.org/wp-includes/redirz.php


14. OTRS 2018032623047473 has been raised for Phishing alert identified by RSA.

hxxp://darylanderson.org/wp-content/redirz.php


15. OTRS 2018032623047482 has been raised for Phishing alert identified by RSA.

hxxp://darylanderson.org/redirz.php


16. OTRS 2018032623047508 has been raised for Phishing alert identified by RSA.

hxxp://darylanderson.org/wp-admin/redirz.php


17. Smokescreen raw logs for all consoles for the periods of last 24 hours, last 3 days and last 7 days have been extracted and shared with the infosec team.

 

18. OTRS 2018032623050692 has been raised for CB agent installation on 8 systems.


19. OTRS 2018032623051093 has been raised for CB agent installation regarding SOC reported analysis.


20. Asked user 'Bikash Kumar Das' to share the original mail along with the header of the original spam mail received.