CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Microsoft Azure acting as C&C?

  1. #1
    Join Date
    2012-07-10
    Location
    Zurich, Switzerland
    Posts
    224
    Rep Power
    6

    Microsoft Azure acting as C&C?

    This morning, a bunch of Antibot Events popped up saying that the Anti-bot Blade prevented communication with C&C site 13.107.4.52. The protection name is Operator.Trickbot.dh.
    Reverse Lookup shows that 13.107.4.52 is a Microsoft Azure IP address.

    How big is the probability that we have a false positive here?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,246
    Rep Power
    15

    Re: Microsoft Azure acting as C&C?

    Colleagues have seen some of this, based on the protection name.

    There was some investigation work done which indicated that this is likely a false positive.

    Was reported to Check Point and waiting on resolution/confirmation at the moment.

  3. #3
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,388
    Rep Power
    15

    Re: Microsoft Azure acting as C&C?

    This was a false positive.

    The URL in question was being communicated with by the Trickbot Banking Trojan as part of a connectivity check.
    It was added as a Command and Control site into ThreatCloud.
    Within 5 hours, the URL was revoked.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own
