We have received an abuse report from ncsc-fi-autoreporter@traficom.fi.
We are automatically forwarding this complaint on to you, for your information. You do not need to respond, but we do expect you to check the report and to resolve any (potential) issues.
Information:
——
NCSC-FI has received information regarding IP-addresses in your network which may have security problems. The information regarding the problems is included at the end of the message. Data lines have the following format:
asn|ip|source time|domain name|cc|type|uuid|info
Here cc refers to the country code, type to the type of the security problem, and uuid is the unique identifier of the event in Autoreporter. The info column is reserved for any additional information. The column always includes an anonymous identifier for the datasource that is used in the report. All timestamps are given in UTC.
For more information on the reported events please contact NCSC-FI at cert@traficom.fi.
Network:
- asn: 24940
- ip range:
Report:
- start UTC time: 2024-01-24 07:00:10Z
- end UTC time: 2024-01-25 07:00:21Z
24940|65.21.123.37|2024-01-23 00:08:54Z||FI|bot|4273fe23-8ae7-4d22-a1fc-e4ed8f717213|Datasource: b, Malware: panda banker, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 49937
24940|65.21.123.37|2024-01-23 00:36:34Z||FI|bot|2a15f8ad-b546-4bbd-970a-e4e6d98a753e|Datasource: b, Malware: andromeda/gamarue, C&C Ip: 184.105.192.2, C&C Port: 80, Source Port: 53449
24940|65.21.123.37|2024-01-23 00:38:05Z||FI|bot|baf3e02d-ca52-4f51-bcfc-8b6c4602c4d3|Datasource: b, Malware: nymaim, C&C Ip: 216.218.185.162, C&C Port: 80, Source Port: 50865
24940|65.21.123.37|2024-01-23 02:33:25Z||FI|bot|940b6a4d-07c3-4d75-90a3-7ec2c2091533|Datasource: b, Original Event Source: SecurityScorecard, Malware: bitcoinminer, C&C Dns: 2cv7ph1o.com, C&C Ip: 208.100.26.245, C&C Port: 80, Http Request: /, Source Port: 51060
24940|65.21.123.37|2024-01-23 02:43:24Z||FI|bot|aee1f2e1-febb-4c4a-84ff-03612bfc4685|Datasource: b, Malware: bumblebee, C&C Ip: 178.162.203.202, C&C Port: 80, Http Request: GET / HTTP/1.0, Source Port: 53379
24940|65.21.123.37|2024-01-23 03:05:35Z||FI|bot|455c0f28-9477-4c4a-9114-5964a39ac0a3|Datasource: b, Original Event Source: SecurityScorecard, Malware: chinad, C&C Dns: 2oertmpv3beoyyyz.info, C&C Ip: 208.100.26.245, C&C Port: 80, Http Request: /, Source Port: 65195
24940|65.21.123.37|2024-01-23 07:16:26Z||FI|bot|cb1da0ca-b1cb-4bdd-adba-060649255ce8|Datasource: b, Original Event Source: SecurityScorecard, Malware: monero miner, C&C Dns: 3faf838b6e394.org, C&C Ip: 208.100.26.245, C&C Port: 80, Http Request: /, Source Port: 53138
24940|65.21.123.37|2024-01-23 08:04:39Z||FI|bot|e0497fb9-3095-45e7-aaaa-64d7d98dbc9c|Datasource: b, Original Event Source: SecurityScorecard, Malware: gameover zeus, C&C Dns: 3xp05b1x9qvhx1w5rg4wo40966.com, C&C Ip: 208.100.26.245, C&C Port: 80, Http Request: /, Source Port: 49533
——
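Added example, not part of the NCSC-FI report or the forwarding notice: a Python parser for the `asn|ip|source time|domain name|cc|type|uuid|info` data lines described above, which groups events per reported IP into the timestamp, source port and C&C endpoint tuples to match against your own flow or NAT logs. The sample lines are constructed (documentation ASN, address ranges and UUIDs), and the rule that info pairs are separated by ", " and keyed by ": " is an assumption inferred from the lines in this report.

```python
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("asn", "ip", "source_time", "domain", "cc", "type", "uuid", "info")

# Constructed sample in the report's format (not real events).
SAMPLE = """\
Report:
64500|192.0.2.10|2024-01-23 00:08:54Z||FI|bot|00000000-0000-4000-8000-000000000001|Datasource: b, Malware: examplebot, C&C Ip: 198.51.100.7, C&C Port: 80, Source Port: 49937
64500|192.0.2.10|2024-01-23 02:43:24Z||FI|bot|00000000-0000-4000-8000-000000000002|Datasource: b, Malware: otherbot, C&C Ip: 198.51.100.7, C&C Port: 80, Http Request: GET / HTTP/1.0, Source Port: 53379
64500|192.0.2.11|2024-01-23 03:05:35Z||FI|bot|00000000-0000-4000-8000-000000000003|Datasource: b, Malware: examplebot, C&C Dns: c2.example, C&C Ip: 203.0.113.5, C&C Port: 80, Source Port: 65195
"""

def parse_info(info):
    """Split 'Key: value, Key: value' into a dict (assumed separators)."""
    out, last = {}, None
    for piece in info.split(", "):
        key, sep, value = piece.partition(": ")
        if sep:
            out[key], last = value, key
        elif last is not None:
            # No 'Key: ' prefix: the previous value contained a comma.
            out[last] += ", " + piece
    return out

def parse_line(line):
    # maxsplit=7 keeps any '|' inside the free-form info column intact.
    parts = line.rstrip("\n").split("|", 7)
    if len(parts) != 8:
        raise ValueError("not a data line: %r" % line)
    ev = dict(zip(FIELDS, parts))
    # The report states that all timestamps are UTC.
    ev["source_time"] = datetime.strptime(
        ev["source_time"], "%Y-%m-%d %H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["info"] = parse_info(ev["info"])
    return ev

def parse_report(text):
    """Parse only the data lines; headers and prose have fewer than 7 pipes."""
    return [parse_line(l) for l in text.splitlines() if l.count("|") >= 7]

def connections_to_check(events):
    """Per reported IP: (time, source port, C&C ip, C&C port, malware label)."""
    by_host = defaultdict(list)
    for ev in events:
        i = ev["info"]
        by_host[ev["ip"]].append((ev["source_time"], int(i.get("Source Port", 0)),
                                  i.get("C&C Ip"), int(i.get("C&C Port", 0)),
                                  i.get("Malware")))
    return dict(by_host)
```

The source port and timestamp together identify the originating internal host when the reported IP is a NAT or proxy address.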