Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 22 replies
  • Subscribers 16 subscribers
  • Views 6750 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

A threat has been detected in your network: C2/Monero-A

Martin Lenz1

Guten Morgen,

ich bekomme alle paar Tage eine Meldung, dass die Firewall Traffic von einem unserer Terminalserver geblockt hat.

Ein intensiver Scan der Maschine mit unserem Virenprogramm ergab keinen Fund.
Eine Recherche zu "Monero" ergab, dass es sich um ein Crypto Botnetz handeln könnte, alle dort aufgeführten Prozesse und Auffälligkeiten treffen bei uns nicht zu.
AUch der Link direkt von Sophos in der Fehlermeldung angegeben: https://www.sophos.com/error/404.aspx?aspxerrorpath=/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Monero-A.aspx führt ins leere...

Hat einer von euch eine Idee / Vermutung? Wie würdet ihr weiter damit umgehen?

Vielen Dank!

 



This thread was automatically locked due to age.
Parents
  • 0

    ATP LOG:
    2021:11:26-16:49:40 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:50:45 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:51:32 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:52:37 FW1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"

    Hatten letzten Freitag das gleiche Thema. War aber kein iPhone sondern ein Samsung Galaxy S8.

    Könnte ggf. eine Website mit Coinhive gewesen sein.

Reply
  • 0

    ATP LOG:
    2021:11:26-16:49:40 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:50:45 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:51:32 FW-1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"
    2021:11:26-16:52:37 FW1 afcd[14047]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="172.16.10.77" dstip="162.217.99.132" fwrule="63001" proto="6" threatname="C2/Monero-A" status="1" host="939b9e28155a3.org" url="-" action="drop"

    Hatten letzten Freitag das gleiche Thema. War aber kein iPhone sondern ein Samsung Galaxy S8.

    Könnte ggf. eine Website mit Coinhive gewesen sein.

Children
No Data
Unfiltered HTML