[AbuseID:D7D410:1D]: AbuseInfoMail: [Autoreporter 0a66affb-af39-48a8-834d-614b71b6c41d] Summary of your network security incidents (Hetzner)

We have received an abuse report from ncsc-fi-autoreporter@traficom.fi.

We are automatically forwarding this complaint on to you, for your information. You do not need to respond, but we do expect you to check the report and to resolve any (potential) issues.

Information:

——
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

NCSC-FI has received information regarding IP-addresses in your network which may have security problems. The information regarding the problems is included as an attachment in CSV format. Data lines have the following format:
asn|ip|source time|domain name|cc|type|uuid|info

Here cc refers to the country code, type to the type of the security problem, and uuid is the unique identifier of the event in Autoreporter. The info column is reserved for any additional information. The column always includes an anonymous identifier for the datasource that is used in the report. All timestamps are given in UTC.

This report is electronically signed using the PGP-key of Autoreporter. The key is available at
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/NCSC-FI_AUTOREPORTER_2019-2024.txt

For more information on the reported events please contact NCSC-FI at cert@traficom.fi.

Network:
— — asn: 24940
— — ip range:

Report:
— — start UTC time: 2024-01-22 07:00:12Z
— — end UTC time: 2024-01-23 07:00:11Z
-----BEGIN PGP SIGNATURE-----



24940|65.21.123.37|2024-01-22 12:35:24Z||FI|bot|b27185ea-fd10-4b36-a843-69f4ed38dcbb|Datasource: l, Malware: panda banker, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-PANDABANKER, Source Port: 61738
24940|65.21.123.37|2024-01-22 14:00:47Z||FI|bot|4bae1e86-5da2-45de-b866-41656ca5e49d|Datasource: l, Malware: unspecified bot, C&C Ip: 184.105.192.2, C&C Port: 80, Additional Information: B67-SS-GENERIC, Source Port: 57284
24940|65.21.123.37|2024-01-22 15:37:08Z||FI|bot|69ef63f8-c4f0-42a4-aca1-11409fefa86d|Datasource: l, Malware: nymaim, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-NYMAIM, Source Port: 49946
24940|65.21.123.37|2024-01-22 21:21:20Z||FI|bot|ee65e8d3-f0e5-47f7-b499-55ee393b730f|Datasource: l, Malware: bamital, C&C Dns: 1click2us.info, C&C Ip: 199.2.137.138, C&C Port: 80, Http Request: /, Additional Information: B58-CODE1, Source Port: 54881
24940|65.21.123.37|2024-01-22 21:52:03Z||FI|bot|8ece48cc-ddea-4216-8068-5498e51ecef9|Datasource: l, Malware: citadel, C&C Dns: 1nbank.info, C&C Ip: 199.2.137.203, C&C Port: 80, Http Request: req, Additional Information: B54-OLD, Source Port: 49171
24940|65.21.123.37|2024-01-22 21:38:29Z||FI|bot|daae5b95-cf8e-4421-a4b7-d932ce2015ac|Datasource: l, Malware: rovnix, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-ROVNIX, Source Port: 59052
24940|65.21.123.37|2024-01-22 21:53:27Z||FI|bot|dce6e3b1-8d15-469e-9b95-3d4f295e35e2|Datasource: l, Malware: corebot, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-COREBOT, Source Port: 58431
24940|65.21.123.37|2024-01-22 22:26:02Z||FI|bot|ef6de770-c6c0-486b-bfb1-899db815db21|Datasource: l, Malware: urlzone, C&C Ip: 64.71.166.50, C&C Port: 80, Additional Information: B67-SS-URLZONE, Source Port: 52333
24940|65.21.123.37|2024-01-22 22:29:39Z||FI|bot|9bfee673-eaf6-4cbd-b027-d3a55dd3a400|Datasource: l, Malware: nymaim, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-NYMAIM, Source Port: 55400
24940|65.21.123.37|2024-01-22 23:17:48Z||FI|bot|da595121-e6a6-49f6-8993-fc3091812645|Datasource: l, Malware: citadel, C&C Dns: 20-2.eu, C&C Ip: 199.2.137.203, C&C Port: 80, Http Request: req, Additional Information: B54-OLD, Source Port: 65009
24940|65.21.123.37|2024-01-22 22:53:06Z||FI|bot|5b87c634-495b-41ed-a09c-8d720bd452ca|Datasource: l, Malware: unspecified bot, C&C Ip: 184.105.192.2, C&C Port: 80, Additional Information: B67-SS-GENERIC, Source Port: 64344
24940|65.21.123.37|2024-01-22 23:43:41Z||FI|bot|e9c3be85-621b-45c2-8467-6df8df7f7eca|Datasource: l, Malware: panda banker, C&C Ip: 216.218.185.162, C&C Port: 80, Additional Information: B67-SS-PANDABANKER, Source Port: 52506
24940|65.21.123.37|2024-01-23 00:36:34Z||FI|bot|dff62f46-1ba6-4f6e-9bf4-95bec1f251f8|Datasource: l, Malware: gamarue, C&C Ip: 184.105.192.2, C&C Port: 80, Additional Information: B67-SS-Gamarue, Source Port: 53449

——
