On October 24, 2020, the behavioral analytic DOMAIN_ANALYSIS_TLS alerted on the domain polobear[.]shop across multiple financial and energy environments. This was easily identifiable using IronNet’s Collective Defense products (IronDefense and IronDome), which allow for easy querying of geographically dispersed events. With this information, IronNet’s cyber operation capability, the CyOC, acted to determine how and to what extent these other customers were impacted.
An informational cyber threat alert to protect corporate infrastructures
Note that IronNet is publishing this informational bulletin because we have ensured that customer equities have been safeguarded; however, the domain in question is still active and a threat to corporate infrastructures. IronNet believes that this domain should be blocked and, if seen on your network, the traffic and hosts should be investigated.
Learn more about how IronNet’s CyOC multiplies SOC capabilities.
*** This is a Security Bloggers Network syndicated blog from IronNet Blog authored by Marc Fruchtbaum and Stephen Monaco. Read the original post at: https://www.ironnet.com/blog/beware-of-polobear-malicious-domain