| Source | Port |
| --- | --- |
| 126.96.36.199 (United States) | 40028 |
- Turkojan is a RAT, details here:
- It is generally associated with malicious actors.
- Possible code reuse or someone picked up old malware.
- The remote address belongs to Microsoft. It is not in published Azure space, but it is adjacent to that space.
- No PTR record; neither reverse DNS services nor ThreatCrowd turn it up.
- Ports are in the 40,000+ range.
- Traffic is all encrypted, or appears to be.
- Not suspicious:
  - The matching text is short.
  - Turkojan is very old malware. The probability that new infections are happening is low.
  - No other events on this system.
- There are enough indicators here to scan the host if possible.
- The local endpoint is an Android phone on the WiFi.
- False positive, since Turkojan is a Windows RAT.
- No further action.
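The triage reasoning above, written out as an added example (not part of the original note): it checks whether the remote address sits inside or merely adjacent to published cloud prefixes, flags the high port, and then applies the platform mismatch that closes the alert. The prefix list and the signature-to-platform mapping are constructed sample data, not Microsoft's real ranges; the function names are assumptions.

```python
import ipaddress

# Constructed sample prefixes standing in for Microsoft's published Azure ranges
# (NOT real Microsoft data); in practice load the Service Tags JSON Microsoft publishes.
SAMPLE_PUBLISHED_PREFIXES = [
    "126.96.32.0/22",   # constructed: 126.96.32.0 - 126.96.35.255
    "126.96.40.0/21",   # constructed: 126.96.40.0 - 126.96.47.255
    "20.33.0.0/16",     # constructed
]

# Platforms each signature's malware family actually runs on (assumed mapping).
SIGNATURE_PLATFORMS = {"Turkojan": {"windows"}}


def in_published_ranges(ip, prefixes):
    """True when the address sits inside one of the published prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def gap_to_nearest_range(ip, prefixes):
    """Address distance from ip to the closest published prefix (0 when inside).
    A small non-zero gap is what 'adjacent to published space' means."""
    addr_obj = ipaddress.ip_address(ip)
    addr, best = int(addr_obj), None
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if net.version != addr_obj.version:
            continue  # distance across IP versions is meaningless
        lo, hi = int(net.network_address), int(net.broadcast_address)
        gap = 0 if lo <= addr <= hi else min(abs(addr - lo), abs(addr - hi))
        best = gap if best is None else min(best, gap)
    return best


def triage(ip, port, signature, local_platform, prefixes=SAMPLE_PUBLISHED_PREFIXES):
    """Return (verdict, findings) for one signature hit, following the note's reasoning."""
    findings = []
    if in_published_ranges(ip, prefixes):
        findings.append("remote address is inside published cloud space")
    else:
        gap = gap_to_nearest_range(ip, prefixes)
        findings.append(f"remote address is {gap} addresses from the nearest published prefix")
    if port >= 40000:
        findings.append("remote port is in the 40000+ range")
    # A signature for a family that cannot run on the local platform is a false
    # positive no matter how the remote side looks; otherwise keep investigating.
    if local_platform not in SIGNATURE_PLATFORMS.get(signature, set()):
        return "false positive", findings
    return "investigate", findings
```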