This discussion has been locked.

C2/Generic-A Originating from AFCd?

Hi everyone, looks like I have a similar situation to a few people.

NO Windows machines on the network, just OSX and Linux (QNAP). Woke up to over 1400 emails regarding ATP C2/Generic-A. But the originating seems to be from AFCd? Any idea what this is?

Googling has given me no ideas. Any ideas anyone?

  • OK, I have the solution/explanation.

    If you do a 

    dig @yourWAN pqyoebe38318.app.anmorencai.com any

    you can reproduce the alert. 

    So this means the ATP listens in front of the firewall rules, regardless of whether the DNS service is running on the WAN or not.

    Be sure that you aren't infected :)
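The post above explains why an ATP alert can appear without any infected host: the ATP engine inspects packets arriving at the WAN interface before the firewall rules, so an external client querying the WAN address for a flagged name produces a C2/Generic-A hit. The following triage script is an added example, not code from the original thread or from Sophos; it assumes alert records have been exported into dictionaries with src/dst/protocol/port/threat/domain fields (the field names, the WAN address and all sample records are constructed for illustration). It separates inbound DNS probes against the WAN address, which are noise from outside, from hits whose source is an internal host, which are the ones worth investigating.

```python
import ipaddress
from collections import Counter

# Assumed WAN address of the firewall (TEST-NET-2 documentation range, constructed).
WAN_IP = ipaddress.ip_address("198.51.100.10")

# RFC 1918 ranges treated as "inside" for this example.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample alert records; the field layout is an assumption, not a real export format.
SAMPLE_ALERTS = [
    {"src": "203.0.113.45", "dst": "198.51.100.10", "proto": "udp", "dport": 53,
     "threat": "C2/Generic-A", "domain": "pqyoebe38318.app.anmorencai.com"},
    {"src": "203.0.113.99", "dst": "198.51.100.10", "proto": "udp", "dport": 53,
     "threat": "C2/Generic-A", "domain": "pqyoebe38318.app.anmorencai.com"},
    {"src": "192.168.1.23", "dst": "203.0.113.7", "proto": "tcp", "dport": 443,
     "threat": "C2/Generic-A", "domain": "pqyoebe38318.app.anmorencai.com"},
    {"src": "203.0.113.12", "dst": "198.51.100.10", "proto": "tcp", "dport": 443,
     "threat": "C2/Generic-A", "domain": "pqyoebe38318.app.anmorencai.com"},
]


def is_internal(ip):
    """True if the address falls inside one of the internal (RFC 1918) networks."""
    return any(ip in net for net in INTERNAL_NETS)


def classify(alert):
    """Bucket one alert by where the flagged traffic originated.

    inbound-dns-probe : external source sent a DNS query to our WAN address
                        (the scenario reproduced with `dig @yourWAN ... any`)
    internal-host     : an inside machine generated the hit; investigate it
    other             : anything else (e.g. external source, non-DNS port)
    """
    src = ipaddress.ip_address(alert["src"])
    dst = ipaddress.ip_address(alert["dst"])
    if is_internal(src):
        return "internal-host"
    if dst == WAN_IP and alert["dport"] == 53:
        return "inbound-dns-probe"
    return "other"


def triage(alerts):
    """Return per-bucket counts and the sorted list of internal hosts that need a look."""
    counts = Counter(classify(a) for a in alerts)
    suspects = sorted({a["src"] for a in alerts if classify(a) == "internal-host"})
    return dict(counts), suspects


if __name__ == "__main__":
    counts, suspects = triage(SAMPLE_ALERTS)
    print("alert buckets:", counts)
    print("internal hosts to investigate:", suspects)
```

With 1400 alerts, the count of `inbound-dns-probe` versus `internal-host` is the first number to look at: if every hit is an outside client probing the WAN on port 53, the firewall is doing its job and no inside machine is talking to the flagged domain; any entry in the `internal-host` list is the one that warrants the full scan the original poster ran.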

  • Yes, did a full scan (malware etc.) 2 days ago across all systems. Nothing of importance.

    I changed my static address about 24hrs ago now. If I was infected with something unknown, I would assume this traffic would have followed me to the new IP address by now.

    Still monitoring.