[AbuseID:CD8434:23]: AbuseNormalMail: [Autoreporter 300be19a-3b52-4967-968c-752a8f83bd2f] Summary of your network security incidents (Hetzner)

We have received an abuse report from ncsc-fi-autoreporter@traficom.fi.

Please check the report for details and fix any (potential) problems:

——
NCSC-FI has received information regarding IP-addresses in your network which may have security problems. The information regarding the problems is included as an attachment in CSV format. Data lines have the following format:
asn|ip|source time|domain name|cc|type|uuid|info

Here cc refers to the country code, type to the type of the security problem, and uuid is the unique identifier of the event in Autoreporter. The info column is reserved for any additional information. The column always includes an anonymous identifier for the datasource that is used in the report. All timestamps are given in UTC.

This report is electronically signed using the PGP-key of Autoreporter. The key is available at
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/NCSC-FI_AUTOREPORTER_2019-2024.txt

For more information on the reported events please contact NCSC-FI at cert@traficom.fi.

Network:
— — asn: 24940
— — ip range:

Report:
— — start UTC time: 2023-07-28 06:00:12Z
— — end UTC time: 2023-07-29 06:00:14Z

24940|65.109.122.169|2023-03-23 04:05:23Z||FI|bot|32590855-2bf6-4e16-bfca-35a7931ae98b|Datasource: b, Malware: andromeda/gamarue, C&C Ip: 104.209.44.116, C&C Port: 80, Http Request: /, Source Port: 57778
24940|65.109.122.169|2023-03-23 00:00:11Z||FI|bot|e607979c-8379-4eed-b7a0-341b97257f2a|Datasource: b, Malware: ranbyus, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 59638
24940|65.109.122.169|2023-03-23 00:01:32Z||FI|bot|67b82452-f8d1-4651-9f8d-952aed3e73bd|Datasource: b, Malware: matsnu, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 51523
24940|65.109.122.169|2023-03-23 00:04:36Z||FI|bot|baf09f11-a33b-496b-98c9-c254c7f1296a|Datasource: b, Malware: nymaim, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 53864
24940|65.109.122.169|2023-03-23 00:05:53Z||FI|bot|5217028d-43c1-484c-b5a8-f4b927ba2a95|Datasource: b, Malware: panda banker, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 62159
24940|65.109.122.169|2023-03-23 00:18:34Z||FI|bot|1d59fb7f-d238-4539-a05e-224f7982e824|Datasource: b, Malware: teslacrypt, C&C Ip: 216.218.135.114, C&C Port: 80, Source Port: 56114
24940|65.109.122.169|2023-03-23 00:38:42Z||FI|bot|3bdb66f5-40e8-4add-8e5e-321a98161c55|Datasource: b, Malware: andromeda/gamarue, C&C Ip: 184.105.192.2, C&C Port: 80, Source Port: 61100
24940|65.109.122.169|2023-03-23 00:46:36Z||FI|bot|6a009f76-89ff-4bfd-ab14-3871b9e1d005|Datasource: b, Malware: rovnix, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 56808
24940|65.109.122.169|2023-03-23 01:43:51Z||FI|bot|6bb198e5-361c-428d-8af9-faf5c9445f2d|Datasource: b, Malware: nymaim, C&C Ip: 184.105.192.2, C&C Port: 80, Source Port: 59117
24940|65.109.122.169|2023-03-23 02:32:27Z||FI|bot|79f9b6d5-b6f8-4389-a1e8-529a5fe10da7|Datasource: b, Malware: tinba, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 55040
24940|65.109.122.169|2023-03-23 03:41:40Z||FI|bot|f369694d-f8fa-4c3c-bb87-7bcdcb67a9fd|Datasource: b, Malware: avalanche, C&C Ip: 184.105.192.2, C&C Port: 80, Source Port: 51709
24940|65.109.122.169|2023-03-23 08:10:21Z||FI|bot|d5108f13-f340-468d-9ab5-73ad95c75937|Datasource: b, Malware: kins zeus, C&C Ip: 216.218.135.114, C&C Port: 80, Source Port: 58659
24940|65.109.122.169|2023-03-23 14:55:17Z||FI|bot|8329b700-c4b2-454a-9bb8-df1d4661cd0a|Datasource: b, Malware: urlzone, C&C Ip: 64.71.166.50, C&C Port: 80, Source Port: 57580
24940|65.109.122.169|2023-03-23 18:22:17Z||FI|bot|0aa2c691-e1cb-4f36-8747-bbf35930f239|Datasource: b, Malware: corebot, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 59864
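
A triage parser for the data-line format described in the report, as an added example that is not part of the original message or of NCSC-FI's tooling. The `Key: value` layout of the info column is inferred from the lines shown, and the function names are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Column order as stated in the report: asn|ip|source time|domain name|cc|type|uuid|info
FIELDS = ["asn", "ip", "source_time", "domain", "cc", "type", "uuid", "info"]

# Sample input: three data lines copied from the report above.
SAMPLE = """\
24940|65.109.122.169|2023-03-23 04:05:23Z||FI|bot|32590855-2bf6-4e16-bfca-35a7931ae98b|Datasource: b, Malware: andromeda/gamarue, C&C Ip: 104.209.44.116, C&C Port: 80, Http Request: /, Source Port: 57778
24940|65.109.122.169|2023-03-23 00:00:11Z||FI|bot|e607979c-8379-4eed-b7a0-341b97257f2a|Datasource: b, Malware: ranbyus, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 59638
24940|65.109.122.169|2023-03-23 00:01:32Z||FI|bot|67b82452-f8d1-4651-9f8d-952aed3e73bd|Datasource: b, Malware: matsnu, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 51523
"""

def parse_ts(text):
    """Parse a report timestamp such as '2023-07-28 06:00:12Z' (always UTC)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_line(line):
    """Split one data line into named fields and expand the info column."""
    # maxsplit keeps a '|' inside the free-form info column from shifting fields.
    parts = line.strip().split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    event = dict(zip(FIELDS, parts))
    event["source_time"] = parse_ts(event["source_time"])
    # Assumption: info is 'Key: value' pairs joined by ', ' as in the lines shown.
    pairs = (item.partition(": ") for item in event["info"].split(", "))
    event["info"] = {key: value for key, sep, value in pairs if sep}
    return event

def triage(lines, window_start):
    """Summarise events: affected hosts, families per C&C IP, age of oldest event."""
    events = [parse_line(line) for line in lines if line.strip()]
    families = defaultdict(set)
    for event in events:
        info = event["info"]
        families[info.get("C&C Ip", "unknown")].add(info.get("Malware", "unknown"))
    oldest = min(event["source_time"] for event in events)
    return {
        "events": len(events),
        "hosts": sorted({event["ip"] for event in events}),
        "families_per_cc": {ip: sorted(names) for ip, names in families.items()},
        # Days between the oldest observation and the start of the report window.
        "max_age_days": (window_start - oldest).days,
    }

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines(), parse_ts("2023-07-28 06:00:12Z")))
```

The age figure matters when correlating with host or flow logs: search them at each event's source time, not at the report window.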
