02-11-2020 06:16 AM
Things appeared to go sideways yesterday (02/10) with regard to the data in the SLIC feed, as we received 40+ alerts of C&C activity as users were browsing to www.google.com. The destination IPs were what is expected for Google.
The destination C&C server group in question was Azorult.
Today it seems to have returned to normal.
Couple of questions:
I'm looking for a way to query the IP addresses in a given SLIC feed host group
Curious if anybody else saw similar behavior
Thanks,
Bob