Thursday, January 28, 2021

The Government updates the cybercrime alert and publishes an expanded list of IP addresses to be blocked



"The preliminary information provided allows the following URLs and subsequent IP addresses to be locked, as indicated otherwise," said the Interior Ministry's CSIRT.


The Computer Security Incident Response Team (CSIRT) of the Ministry of the Interior yesterday published the cybersecurity alert, with new information on the incident.

This afternoon, CSIRT published a comprehensive list of IP addresses that need to be blocked to stop EMOTET traffic.

As a result of coordination, the preliminary information gathered allows the following URLs and IP addresses to be blocked, as long as a higher-level communication does not indicate otherwise.

Website:
triosalud.cl

hxxp://5.39.218[.]210/dns/dns.php?DNS="

hxxp://5.39.218[.]210/dns/logs/logpc.php

hxxp://185.29.8[.]45/1.exe

Possibly malicious file:

http://www.triosalud.cl/wp/wp-content/uploads/2019/02/denuncias.rar

https://www.triosalud.cl/wp/wp-content/uploads/2019/03/tictic.txt

IP addresses that must be blocked: check the entire list here.

The blocking must cover traffic both arriving from those origins and sent to those destinations, the statement said.

Last night, the Superintendency of Banks and Financial Institutions (SBIF) said that some banks had reported malware (malicious software) on some computers in the business segment.

A minute later, CSIRT published a cybersecurity alert: "According to information from internal sources, cybersecurity alert status is linked to a malicious EMOTET, which will be affected by major economic sectors."

