
C2/Generic-A Originating from AFCd?

Hi everyone, looks like I have a similar situation to a few people.

NO Windows machines on the network, just OSX and Linux (QNAP). Woke up to over 1400 emails regarding ATP C2/Generic-A. But the originating seems to be from AFCd? Any idea what this is?

Googling has given me no ideas. Any ideas anyone?

  • Yep, here too (Germany). Started Sunday morning, all Chinese IPs:

    2016:03:20-03:46:53 wall-1 afcd[31331]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.227" dstip="62.225.50.101" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="YwTB6532e13e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-03:47:51 wall-1 afcd[31331]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.227" dstip="62.225.50.107" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="DnvS6b32e13e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-03:57:14 wall-1 afcd[31331]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.226" dstip="62.225.50.97" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="ILxQ6132e13e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:07:16 wall-1 afcd[19366]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.225" dstip="62.154.197.164" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="zQFna4c59a3e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:07:16 wall-1 afcd[19366]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.224" dstip="62.154.197.163" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="wQHMa3c59a3e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:17:28 wall-1 afcd[19366]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.227" dstip="62.154.197.162" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1"
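A small triage script for entries like the ones quoted above, added here as an example (it is not from the thread or from Sophos): it parses the UTM key="value" syslog format, counts drops per source IP, collapses the randomised first label of each host to its parent domain, and checks whether any srcip is a private address, which is the detail that separates an internal machine trying to reach a C2 host from inbound traffic dropped at the edge. The sample lines are copied from the quoted log; the summary layout and function names are my own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: three of the afcd entries quoted in the thread, one per line.
SAMPLE_LOG = """\
2016:03:20-03:46:53 wall-1 afcd[31331]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.227" dstip="62.225.50.101" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="YwTB6532e13e.app.anmorencai.com" url="-" action="drop"
2016:03:20-03:47:51 wall-1 afcd[31331]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.227" dstip="62.225.50.107" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="DnvS6b32e13e.app.anmorencai.com" url="-" action="drop"
2016:03:20-04:07:16 wall-1 afcd[19366]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.225" dstip="62.154.197.164" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="zQFna4c59a3e.app.anmorencai.com" url="-" action="drop"
"""

# Header: timestamp, device name, then the syslog process tag "afcd[PID]" of the UTM
# process that wrote the entry (not a host on the network), followed by key="value" pairs.
HEADER_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<proc>\w+)\[(?P<pid>\d+)\]:\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse one UTM syslog line into a dict; return None for a line in another shape."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "device", "proc", "pid")}
    rec.update(KV_RE.findall(m.group("rest")))
    return rec


def parent_domain(host, labels=3):
    """Collapse a randomised beacon hostname to its parent: xxxx.app.anmorencai.com -> app.anmorencai.com."""
    return ".".join(host.split(".")[-labels:])


def summarize_atp(text):
    """Triage 'Packet dropped (ATP)' entries: volume per source, parent domains, and direction."""
    events = [r for r in map(parse_line, text.splitlines())
              if r and r.get("name") == "Packet dropped (ATP)"]
    return {
        "total": len(events),
        "threats": Counter(r["threatname"] for r in events),
        "by_srcip": Counter(r["srcip"] for r in events),
        "domains": Counter(parent_domain(r["host"]) for r in events if r.get("host", "-") != "-"),
        # A private srcip would mean a machine inside the network is trying to reach the C2 host;
        # only public sources, as in the sample, means inbound traffic that the UTM dropped at the edge.
        "internal_sources": sorted(ip for ip in {r["srcip"] for r in events}
                                   if ipaddress.ip_address(ip).is_private),
        "all_dropped": all(r.get("action") == "drop" for r in events),
    }
```

Feed it the full afcd log instead of SAMPLE_LOG to see the per-source counts for the whole burst; an empty `internal_sources` list is the quick confirmation that nothing inside the network was the origin.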