iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

NF – POLICY – Teamviewer Master domain lookup

This alert is triggered when a DNS query from the internal network attempts to resolve a TeamViewer "master" domain, indicating that a device may be trying to establish a connection via TeamViewer.

NF – Known Gamarue alias Andromeda BotNet – Unknown sinkhole owner

This alert is triggered when a device within the internal network attempts to establish a TCP connection to IP address 204.11.56.48, a sinkhole address associated with the Gamarue (also known as Andromeda) botnet. This botnet is known for distributing malware and engaging in malicious activities, so a host reaching the sinkhole is likely running Gamarue malware and should be investigated.

NF – Known Gamarue alias Andromeda BotNet – Unknown sinkhole owner

This alert is triggered when a device within the internal network attempts to establish a TCP connection to IP address 104.238.158.106, a sinkhole address associated with the Gamarue (also known as Andromeda) botnet. This botnet is known for distributing malware and engaging in malicious activities, so a host reaching the sinkhole is likely running Gamarue malware and should be investigated.

NF – Bad TLD domain – ml DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain whose top-level domain (TLD) is .ml. This TLD is sometimes linked to suspicious or malicious activities; review the queried domain and the querying host before dismissing the alert.

NF – Bad TLD domain – vip DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain whose top-level domain (TLD) is .vip. This TLD is sometimes linked to suspicious or malicious activities; review the queried domain and the querying host before dismissing the alert.
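The following script is an added example, not part of the iSID knowledge base or the iSID product, that reproduces the matching conditions of the alerts listed above (TeamViewer master lookup, Gamarue sinkhole connection, and the .ml / .vip bad-TLD queries) over a constructed set of log lines. It assumes a simple two-field DNS log and three-field connection log format of its own, and it assumes TeamViewer "master" hosts are named master<number>.teamviewer.com, which the page does not state. The sinkhole IPs and TLDs are the ones given in the alert definitions; everything else is sample data.

```python
"""Triage helper that re-implements the iSID alert conditions described on this
page against constructed DNS and connection log lines (added example)."""
import ipaddress
import re

# Indicators taken from the alert definitions on this page.
GAMARUE_SINKHOLE_IPS = {
    ipaddress.ip_address("204.11.56.48"),
    ipaddress.ip_address("104.238.158.106"),
}
BAD_TLDS = {"ml", "vip"}

# Assumption (not stated on the page): TeamViewer "master" hosts look like
# master<number>.teamviewer.com. Adjust to match your own DNS telemetry.
TEAMVIEWER_MASTER_RE = re.compile(r"^master\d*\.teamviewer\.com$")

# Constructed log format assumed for this example:
#   dns  <src_ip> <qname>
#   conn <src_ip> <dst_ip> <dst_port>
DNS_RE = re.compile(r"^dns\s+(\S+)\s+(\S+)$")
CONN_RE = re.compile(r"^conn\s+(\S+)\s+(\S+)\s+(\d+)$")


def normalize_qname(qname: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot so 'FOO.ML.' == 'foo.ml'."""
    return qname.rstrip(".").lower()


def tld_of(qname: str) -> str:
    """Return the last label of a name ('' for a single bare label such as a hostname)."""
    labels = normalize_qname(qname).split(".")
    return labels[-1] if len(labels) > 1 else ""


def classify_dns(qname: str) -> list[str]:
    """Return the alert names from this page that one DNS query would raise."""
    name = normalize_qname(qname)
    alerts = []
    if TEAMVIEWER_MASTER_RE.match(name):
        alerts.append("NF – POLICY – Teamviewer Master domain lookup")
    tld = tld_of(name)
    if tld in BAD_TLDS:
        alerts.append(f"NF – Bad TLD domain – {tld} DNS query – Check domains")
    return alerts


def classify_conn(src_ip: str, dst_ip: str, dst_port: int) -> list[str]:
    """Return the alert names that one TCP connection attempt would raise.
    The page ties the alert to the destination IP only, so the port is not checked."""
    try:
        dst = ipaddress.ip_address(dst_ip)
    except ValueError:  # malformed address in the log line: nothing to match
        return []
    if dst in GAMARUE_SINKHOLE_IPS:
        return ["NF – Known Gamarue alias Andromeda BotNet – Unknown sinkhole owner"]
    return []


def triage(lines):
    """Yield (alert_name, src_ip, detail) for every log line that matches a rule."""
    for raw in lines:
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            src, qname = m.groups()
            for alert in classify_dns(qname):
                yield alert, src, normalize_qname(qname)
            continue
        m = CONN_RE.match(line)
        if m:
            src, dst, port = m.groups()
            for alert in classify_conn(src, dst, int(port)):
                yield alert, src, f"{dst}:{port}"


SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "dns 10.0.0.5 master12.teamviewer.com.",
    "dns 10.0.0.7 Update.Example.ML",
    "dns 10.0.0.8 mail.example.com",
    "dns 10.0.0.9 shop.example.vip.",
    "conn 10.0.0.11 204.11.56.48 80",
    "conn 10.0.0.12 104.238.158.106 443",
    "conn 10.0.0.13 203.0.113.10 443",
]

if __name__ == "__main__":
    for alert, src, detail in triage(SAMPLE_LOG):
        print(f"{src:<12} {detail:<28} {alert}")
```

Running the script prints one line per hit, five in total for the sample: the TeamViewer lookup, the two bad-TLD queries, and the two sinkhole connections; the benign DNS query and the connection to a documentation-range address produce nothing. Names are normalised (case folded, trailing root dot removed) before matching so that a query logged as "UPDATE.EXAMPLE.ML." still trips the .ml rule.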