活動 - 02_資安事件及異常紀錄 - MIS部門作業管理平台

活動

起 2023-09-19 迄 2023-09-28

2023-09-28

13:42 非法入侵 #279: veolia - Incident - SSH service exposed - 60.248.4.74:22(ULPU): INCIDENT - CLOSING

  low  
Name:

SSH service exposed - 60.248.4.74:22
Service:

  CTI   
Created at:
... Joy Liao
13:29 非法入侵 #279 (Closed-關閉): veolia - Incident - SSH service exposed - 60.248.4.74:22(ULPU): INCIDENT - CLOSING  low  
Name:
SSH service exposed - 60.248.4.74:22
Service:  CTI   
Created at:
2023-07-19 1... Joy Liao
13:39 非法入侵 #284 (Closed-關閉): veolia - Incident - Authentication portal exposed - https://60.248.4.77:900/ - CLOSING(ULPU): INCIDENT - CLOSING

  low  
Name:

Authentication portal exposed - https://60.248.4.77:900/
Service:

  ... Joy Liao
13:35 非法入侵 #283 (Closed-關閉): veolia - Incident - Exposed authentication portal: Fortinet - https://202.39.219.151:10443/ - CLOSING(XinDian): INCIDENT - CLOSING

  medium  
Name:

Exposed authentication portal: Fortinet - https://202.39.219.151:10443... Joy Liao
13:33 非法入侵 #282 (Closed-關閉): veolia - Incident - Fortinet authentication portal exposed - https://118.163.66.37:10443/remote/login?lang=en - CLOSING(WC): INCIDENT - CLOSING
  low  
Name:
Fortinet authentication portal exposed - https://118.163.66.37:10443/remote/log... Joy Liao
13:32 非法入侵 #281 (Closed-關閉): veolia - Incident - SSH service exposed - 60.248.4.77:2222 - CLOSING(ULPU): INCIDENT - CLOSING
  low  
Name:
SSH service exposed - 60.248.4.77:2222
Service:
  CTI   
Created at:
2023... Joy Liao
13:31 非法入侵 #280 (Closed-關閉): veolia - Incident - Exposed authentication portal - https://118.163.66.42/auth.html - CLOSING(WC): INCIDENT - CLOSING
  medium  
Name:
Exposed authentication portal - https://118.163.66.42/auth.html
Service:
... Joy Liao

2023-09-27

10:45 非法入侵 #192 (In process-進行中): pc17(wlkygg.exe): 已將網路斷線,設備交廠商處理中。益利周
10:44 非法入侵 #193 (In process-進行中): pc17(convert.exe): 已將網路斷線,設備交廠商處理中。益利周
10:44 非法入侵 #194 (In process-進行中): pc17(未確認 121125.crdownload): 已將網路斷線,設備交廠商處理中。益利周
10:44 非法入侵 #205 (In process-進行中): pc17(wlkygg.exe): 已將網路斷線,設備交廠商處理中。益利周
10:43 非法入侵 #207 (In process-進行中): pc17(未確認 121125.crdownload): 已將網路斷線,設備交廠商處理中。益利周
10:41 非法入侵 #198 (Resolved-解决): ulpu-xz-pc-0003(diassetup.exe): 設備已重置回原廠值,重新設定。益利周
10:38 非法入侵 #200 (Resolved-解决): ksrfb20105(wretchxdv.exe): 已格式化隨身硬碟，並宣導USB等外接設備使用注意事項。益利周

2023-09-26

13:42 非法入侵 #215: taholt-mt08(produkey.exe): 125.227.240.165 / 192.168.5.71
B00714@TAHOHO 達鹿蔡孟昌益利周
13:42 非法入侵 #214: taholt-mt08(produkey.exe): 125.227.240.165 / 192.168.5.71
B00714@TAHOHO 達鹿蔡孟昌
益利周

2023-09-25

11:57 非法入侵 #214: taholt-mt08(produkey.exe): Path
e:\20200225\desktop\produkey\x86\produkey.exe Joy Liao
11:54 非法入侵 #214 (Closed-關閉): taholt-mt08(produkey.exe): Path
e:\20200225\desktop\produkey\x86\produkey.exe Joy Liao
11:55 非法入侵 #215 (Closed-關閉): taholt-mt08(produkey.exe): Path
e:\c槽資料夾\users\維修公用1\desktop\produkey\x86\produkey.exe Joy Liao

2023-09-23

17:06 非法入侵 #201 (Resolved-解决): pc307(unset.exe): 益利周
16:59 非法入侵 #201: pc307(unset.exe): 疑為舊版 Yahoo tools bar,目前未使用,已直接刪除. 益利周
16:24 非法入侵 #201: pc307(unset.exe): A70031@TAHOHO
210.61.66.31
總公司朱奕璇
益利周
13:50 非法入侵 #201 (Closed-關閉): pc307(unset.exe): Path
c:\users\miachu\appdata\local\yahoo\yset\unset.exe Joy Liao
17:02 非法入侵 #179: taholt-ma02( libxslt_pipes.html): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
17:02 非法入侵 #178: taholt-ma02(gdp-handbook.html): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
17:02 非法入侵 #180: taholt-ma02(produkey.exe): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
17:01 非法入侵 #181: ulpu-xd-pc-0002(ffinst.exe): 陳伯松@ULPU-XD-PC-0002
122.116.81.43 上水-汐止益利周
16:30 非法入侵 #208: ulpu-ds-pc-0002( produkey.exe): 118.163.226.181(上水-大樹) 益利周
13:52 非法入侵 #208 (Closed-關閉): ulpu-ds-pc-0002( produkey.exe): Description
Known malware was detected
Detection name
Gen:Variant.Application.NirSoft.249982
Path
d:\produkey.exe Joy Liao
16:30 非法入侵 #204: tc990107(tclookfac2.cab): 192.168.6.39
990107@TAHOHO 台中廠陳志銘
59.126.19.22 達和-台中益利周
13:51 非法入侵 #204 (Closed-關閉): tc990107(tclookfac2.cab): Description
Known malware was detected
Detection name
Gen:Variant.Lazy.391822
Path
d:\taho\soe\tcfac2_ver1.6\tcl... Joy Liao
16:28 非法入侵 #203: tphq7lap328d( office.cmd): 192.168.0.109
192.168.1.103
192.168.10.10
Dennis WANG@TPHQ7LAP328D 益利周
13:51 非法入侵 #203 (Closed-關閉): tphq7lap328d( office.cmd): Description
Known malware was detected
Detection name
Trojan.GenericKD.69089948
Path
e:\20230617\winapp\offi... Joy Liao
16:26 非法入侵 #202: ulpu-zd-pc-0008(aimgr.exe): 60.248.187.126 上水-竹東
益利周
13:50 非法入侵 #202 (Closed-關閉): ulpu-zd-pc-0008(aimgr.exe): Description
Known malware was detected
Detection name
Gen:Variant.Babar.230789
Path
c:\program files\microso... Joy Liao
16:21 非法入侵 #198: ulpu-xz-pc-0003(diassetup.exe): 10.15.81.97
125.229.74.111 上水-新莊益利周
16:19 非法入侵 #196: ulpu-ds-pc-0002(aliim.exe): 118.163.226.181(上水-大樹) 益利周
16:18 非法入侵 #196: ulpu-ds-pc-0002(aliim.exe): 上水-大樹益利周
16:19 非法入侵 #197: ulpu-ds-pc-0002(0_beta_package.released): 118.163.226.181(上水-大樹) 益利周
16:18 非法入侵 #195: ulpu-ds-pc-0002(produkey.exe): 118.163.226.181 上水-大樹益利周
16:16 非法入侵 #192: pc17(wlkygg.exe): 10.15.81.53 上水-新莊益利周
16:16 非法入侵 #193: pc17(convert.exe): 10.15.81.53 上水-新莊益利周
16:16 非法入侵 #194: pc17(未確認 121125.crdownload): 10.15.81.53 上水-新莊益利周
16:16 非法入侵 #205: pc17(wlkygg.exe): 10.15.81.53 上水-新莊益利周
13:51 非法入侵 #205 (Closed-關閉): pc17(wlkygg.exe): Description
Known malware was detected
Detection name
Win32.Sality.3
Path
i:\wlkygg.exe Joy Liao
16:15 非法入侵 #207: pc17(未確認 121125.crdownload): 10.15.81.53 上水-新莊益利周
13:52 非法入侵 #207 (Closed-關閉): pc17(未確認 121125.crdownload): Description
Known malware was detected
Detection name
Trojan.GenericKD.30700238
Path
c:\users\user\downloads\未確認... Joy Liao
16:13 非法入侵 #191: ulpu-xd-pc-0002(d26b4c91e09ad8987f99894799a4a4943aafbf1d): 陳伯松@ULPU-XD-PC-0002
122.116.81.43 上水-汐止益利周
16:13 非法入侵 #190: ulpu-xd-pc-0002(data1.cab): 陳伯松@ULPU-XD-PC-0002
122.116.81.43 上水-汐止益利周
16:11 非法入侵 #189: ulpu-ds-pc-0002(aliim.exe): 118.163.226.181(上水-大樹) 益利周
16:11 非法入侵 #188: ulpu-ds-pc-0002(0_beta_package.released): 118.163.226.181(上水-大樹) 益利周
16:10 非法入侵 #187: ulpu-ds-pc-0002(阿里旺旺.lnk): 118.163.226.181(上水-大樹)
益利周
16:07 非法入侵 #186: taholt-ma02(3(1).html): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
16:07 非法入侵 #185: taholt-ma02(3(2).html): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
16:07 非法入侵 #184: taholt-ma02(3.html): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
16:06 非法入侵 #183: taholt-ma02(秉聖科技有限公司.htm): 192.168.5.113
B00748 達鹿維修課機械組長
125.227.240.165 益利周
16:04 非法入侵 #182: tphq7lap328d(20140109 竣工.zip): Dennis WANG@TPHQ7LAP328D 益利周
16:01 非法入侵 #200: ksrfb20105(wretchxdv.exe): KSRFB20105
114.35.240.127 (達清-大發)
B20105 達和大發李明璋益利周
13:49 非法入侵 #200 (Closed-關閉): ksrfb20105(wretchxdv.exe): 描述
偵測到已知惡意軟體
檢測名稱
木馬.Generic.7382596
小路
e:\祕密花園\小天地\硬碟03\無名照片\wretchxdv.exe Joy Liao

匯出至 Atom

專案

一般

配置概況

(02)異常管理 » 02_資安事件及異常紀錄

活動

活動

2023-09-28

2023-09-27

2023-09-26

2023-09-25

2023-09-23