[AbuseID:D7E730:1D]: AbuseInfoMail: [Autoreporter 0c6d8b60-23ea-4a8d-832b-94aade1db230] Summary of your network security incidents (Hetzner)

We have received an abuse report from ncsc-fi-autoreporter@traficom.fi.

We are automatically forwarding this complaint on to you, for your information. You do not need to respond, but we do expect you to check the report and to resolve any (potential) issues.

Information:

——
NCSC-FI has received information regarding IP-addresses in your network which may have security problems. The information regarding the problems is included as an attachment in CSV format. Data lines have the following format:
asn|ip|source time|domain name|cc|type|uuid|info

Here cc refers to the country code, type to the type of the security problem, and uuid is the unique identifier of the event in Autoreporter. The info column is reserved for any additional information. The column always includes an anonymous identifier for the datasource that is used in the report. All timestamps are given in UTC.

This report is electronically signed using the PGP-key of Autoreporter. The key is available at
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/NCSC-FI_AUTOREPORTER_2019-2024.txt

For more information on the reported events please contact NCSC-FI at cert@traficom.fi.

Network:
— — asn: 24940
— — ip range:

Report:
— — start UTC time: 2024-01-23 07:00:11Z
— — end UTC time: 2024-01-24 07:00:10Z

 




——
