
Sophos UTM9 Advanced Threat Protection has threat name "C2/Generic-A" events for AD/DNS Server

Hi all:

I checked our company's Sophos UTM9 firewall, Advanced Threat Protection section, and it has threat name "C2/Generic-A" events for the AD/DNS servers as follows:

I used Sophos Endpoint, Malwarebytes & SuperAntiSpyware to run full scans, but can't find any virus. Please help me fix this problem, thanks a lot!

PS: 192.168.2.194 is the primary AD & DNS server, 192.168.2.12 is the secondary AD & DNS server.

Advanced Threat Protection

Total Events: 32

     User/Host      Threat Name    Destination       Events  Origin
 1   192.168.2.194  C2/Generic-A   104.31.83.243     5       AFCd
 2   192.168.2.194  C2/Generic-A   104.31.83.243     5       AFCd
 3   192.168.2.12   C2/Generic-A   mi.kenal-cn.com   1       AFCd
 4   192.168.2.12   C2/Generic-A   mi.kenal-cn.com   1       AFCd
 5   192.168.2.194  C2/Generic-A   mi.kenal-cn.com   2       AFCd
 6   192.168.2.194  C2/Generic-A   mi.kenal-cn.com   2       AFCd
 7   192.168.2.12   C2/Generic-A   mi.kenal-cn.com   1       AFCd
 8   192.168.2.194  C2/Generic-A   mi.kenal-cn.com   1       AFCd
 9   192.168.2.12   C2/Generic-A   mi.kenal-cn.com   1       AFCd
10   192.168.2.194  C2/Generic-A   mi.kenal-cn.com   2       AFCd



  • Same here, C2 alerts for e13678.dspb.akamaiedge.net all coming from my DNS Server:

         User/Host    Threat Name    Destination                  Events  Origin
    1    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   142     AFCd
    2    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   61      AFCd
    3    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   58      AFCd
    4    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   1473    AFCd
    5    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   824     AFCd
    6    DNS_Server   C2/Generic-A   e13678.dspb.akamaiedge.net   440     AFCd

    And unfortunately e13678.dspb.akamaiedge.net is a CNAME for www.microsoft.com:

    Type   Domain Name                                                 Canonical Name                                              TTL
    CNAME  www.microsoft.com                                           www.microsoft.com-c-3.edgekey.net                           60 min
    CNAME  www.microsoft.com-c-3.edgekey.net                           www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net    6 hrs
    CNAME  www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net    e13678.dspb.akamaiedge.net                                  15 min
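The reply above makes two points a practitioner needs to act on: the ATP event is attributed to the DNS server because the server performs the lookup on behalf of some internal client, and a flagged name can simply be the last hop of a CNAME chain belonging to a legitimate site. The following Python is an added example (not from the thread, Sophos, or Microsoft) that pivots from an alert like the ones posted to the internal client that actually asked for the name, by parsing Windows DNS Server debug-log query lines, and that walks a CNAME table to show which public name a flagged Akamai host belongs to. The log lines and the helper names (`decode_qname`, `parse_debug_log`, `clients_for`, `follow_cname`) are constructed for this example; the CNAME rows are the ones quoted in the reply and will change over time.

```python
"""
Pivot from a Sophos UTM ATP "C2/Generic-A" event that names the DNS server
as User/Host to the internal client that really issued the query.

Assumes Windows DNS Server debug logging is enabled for received UDP/TCP
query packets with packet contents, which produces lines like SAMPLE_LOG.
Everything below is constructed for this example.
"""
import re
from collections import Counter, defaultdict

# Constructed sample debug-log lines (Windows DNS Server layout):
# date time threadid context packetid proto Snd/Rcv remote-ip xid Q/R opcode [flags] qtype qname
# The qname is written as length-prefixed labels: (2)mi(8)kenal-cn(3)com(0)
SAMPLE_LOG = """\
3/14/2019 10:15:22 AM 0D1C PACKET  000000B8F5A1C2D0 UDP Rcv 192.168.2.55    0002   Q [0001   D   NOERROR] A      (2)mi(8)kenal-cn(3)com(0)
3/14/2019 10:15:22 AM 0D1C PACKET  000000B8F5A1C2D0 UDP Snd 8.8.8.8         4a3f   Q [0001   D   NOERROR] A      (2)mi(8)kenal-cn(3)com(0)
3/14/2019 10:15:23 AM 0D1C PACKET  000000B8F5A1C3E0 UDP Rcv 192.168.2.77    0003   Q [0001   D   NOERROR] A      (3)www(9)microsoft(3)com(0)
3/14/2019 10:15:24 AM 0D1C PACKET  000000B8F5A1C4F0 UDP Rcv 192.168.2.55    0004   Q [0001   D   NOERROR] A      (2)mi(8)kenal-cn(3)com(0)
3/14/2019 10:15:25 AM 0D1C PACKET  000000B8F5A1C5A0 UDP Rcv 192.168.2.12    0005   Q [0001   D   NOERROR] A      (2)mi(8)kenal-cn(3)com(0)
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+ \S+ [AP]M) \S+ PACKET\s+\S+ (?P<proto>UDP|TCP) (?P<dir>Snd|Rcv) "
    r"(?P<ip>\S+)\s+\S+\s+(?P<qr>[QR]) \[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)

# CNAME chain as quoted in the reply above (alias -> canonical name).
CNAME_CHAIN = {
    "www.microsoft.com": "www.microsoft.com-c-3.edgekey.net",
    "www.microsoft.com-c-3.edgekey.net":
        "www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net",
    "www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net":
        "e13678.dspb.akamaiedge.net",
}


def decode_qname(raw):
    """Turn '(2)mi(8)kenal-cn(3)com(0)' into 'mi.kenal-cn.com'."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^(]*)", raw):
        if int(length) == 0:          # root label terminates the name
            break
        if len(label) != int(length):  # corrupt or truncated log line
            raise ValueError(f"label length mismatch in {raw!r}")
        labels.append(label)
    return ".".join(labels).lower()


def parse_debug_log(text):
    """Return only queries received from clients (Rcv + Q).

    Packets the server itself sends upstream (Snd) are skipped: they carry
    the forwarder's address, which is exactly the attribution problem the
    firewall alert already has.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dir"] != "Rcv" or m["qr"] != "Q":
            continue
        records.append({"client": m["ip"], "qtype": m["qtype"],
                        "qname": decode_qname(m["qname"])})
    return records


def clients_for(records, flagged_names):
    """Map each flagged name to a Counter of the client IPs that asked for it."""
    flagged = {n.lower() for n in flagged_names}
    hits = defaultdict(Counter)
    for rec in records:
        if rec["qname"] in flagged:
            hits[rec["qname"]][rec["client"]] += 1
    return hits


def follow_cname(table, name, max_hops=16):
    """Walk alias -> canonical until a name with no CNAME; guard against loops."""
    chain, seen = [name], {name}
    while chain[-1] in table and len(chain) <= max_hops:
        nxt = table[chain[-1]]
        if nxt in seen:
            raise ValueError(f"CNAME loop at {nxt}")
        seen.add(nxt)
        chain.append(nxt)
    return chain


if __name__ == "__main__":
    hits = clients_for(parse_debug_log(SAMPLE_LOG), {"mi.kenal-cn.com"})
    for qname, clients in hits.items():
        print(qname)
        for ip, n in clients.most_common():
            print(f"  {ip:<16} {n} queries")
    print(" -> ".join(follow_cname(CNAME_CHAIN, "www.microsoft.com")))
```

In the constructed log, 192.168.2.55 is the workstation to scan, while 192.168.2.12 shows up as a "client" only because the secondary server forwards to the primary; its own debug log has to be read the same way to go one hop further. For an Akamai name like e13678.dspb.akamaiedge.net, the chain walk shows which public site owns the edge host, which is the check to do before deciding the alert is a false positive.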
  • Thanks for your info. So do I need to check the alerts or ignore them?
