Daily



1. OTRS 2018040923008447 has been raised for an RSA rogue app URL:

hxxps://play.google.com/store/apps/details?id=com.solution.huma_paytop


2. OTRS 2018040923012343 has been raised for a Smokescreen alert triggered over port 443.


3. OTRS 2018040923012871 has been raised for a Smokescreen alert triggered over port 80.


4. Email header has been requested from user Ajay Tarachandani; waiting for his reply.


5. OTRS 2018040923032705 has been raised for a URL identified by RSA as a rogue application:


hxxps://m.downloadatoz.com/mobile-banking/com.digitaldreams.mobilebanking/

Takedown has been initiated. Incident report "AXI-ISA-248" has been created for the same.


6. Takedown has been initiated for the below URL:

hxxps://play.google.com/store/apps/details?id=com.EathernalApps.AllNetbanking

Incident report "AXI-ISA-249" has been created for the same.


7. OTRS 2018040923039601 has been raised for a URL identified by RSA as a rogue application:

hxxp://www.appszoom.com/android-app/all-netbanking-bkefaf.html

Takedown has been initiated for the above URL. Incident report "AXI-ISA-251" has been created for the same.


8. OTRS 2018040923047333 has been raised for a social site alert from Netcraft:

hxxp://twitter.com/Axisbank10.


9. OTRS 2018040923047922 has been raised for a social site detection:

hxxps://www.facebook.com/AXIS-BANK-LTD-452035065199716/


10. OTRS 2018040923048832 has been raised for an RSA Trojan drop point:

hxxp://asigurari-daune-despagubiri.ro/wp-database/zcfrnd/gate.php


11. OTRS tickets have been raised for Smokescreen alerts:

2018040923035275

2018040923035551

2018040923035561

2018040923036738


12. Malicious URL "www[.]jqwww[.]download" has been identified by Akamai. The analysis report has been shared with Rishabh D and team for further action.


13. Closure status has been updated in the tracker for incidents from RSA, Smokescreen, FireEye, Bluecoat and Carbon Black.


14. We have observed WannaCry files on an Axis Bank host through CB. We have also observed a port 445 connection on Smokescreen, but while downloading this file for further analysis, Symantec removed the file from the mentioned path due to its on-access scan.

Also observed the Symantec signature “OS Attack: Microsoft SMB MS17-010 Disclosure Attempt”, which was blocked by Symantec AV.

Hash values were already blocked on Symantec ATP and on Carbon Black.

We have shared the detailed analysis report with the infosec team and also shared recommended actions with the IR.OM team. Incident report "AXI-ISA-250" has been created for the detailed analysis report.


15. The list of users who have been allowed unsafe browsing through ISLA/VDI etc. via proxy has been updated and shared with Anand and team.


16. Analysis has been shared with the SOC team for reported ticket 2018040223019993 regarding an AV infection. Also, AXI-ISA-252 & AXI-ISA-253 have been raised for the same.


17. Abhay has reported a suspicious mail. We have analyzed the email header. The email is categorized as SPAM. We have asked the respective team to block the domain, email ID and IP; OTRS ticket 2018040923045513 has been raised for the same. Recommended actions have also been shared with the user.


18. Weekly Akamai report (1st April to 7th April 2018) has been shared with CISO sir and team.