

What's New

Broadband-GSM Companion Scheme with monthly Free 3G data for the existing & new Broadband Customers.
Limited Period Offer..

For More Details Click Here


Promotional FUP Broadband plan is launched for the limited period.

Click here to know more


Launch of STV 171 with Unlimited calls & 1.5 GB data/day

Click here for details of more such packs...


Dial 14546 to link up your Aadhar Card No. with MTNL Mobile Number

For More Details Click Here


Now MTNL, Mumbai Landline/Dolphin customers can pay their bills using UPI, BharatQR on Selfcare Portal

Click here for Selfcare Portal




To Let

Prime Commercial Space on Rent

More than 3 Lac Sq. Ft. commercial space in MTNL Buildings at strategic locations across Mumbai, Navi Mumbai & Mira-Bhayandar available for lease. For more details click here

Renting Space for Vending Van Parking at BKC TE Compound

For more details click here

Tenders

  • Currently No Tenders Available.

    •  

      Integrity Pact & IEM

       

       

      Click Here For CVC Circular Regarding Integrity Pact

       

      A new committee of Independent External Monitors has been formed as per the details given below:


      Name

      (1) Shri Dhruv Kumar Agarwal
      (2) Shri V.K. Gupta
      (3) Ms. Alka Sirohi

       

      Last Updated: 29 Dec,2017

      Last Updated: 23rd Jun 2018


       

      Cyber Security Alerts

      Banking Trojan Emotet

      The Emotet Trojan is designed to steal banking credentials and other sensitive information. It is most often propagated by way of phishing emails containing a crafted document purporting to be invoices or other business communications or links to similar. Reportedly, a surge in Emotet activity has been observed that involves the use of a spam botnet, which results in its rapid distribution via email, thus distributing IcedID, TRICKBOT etc. Emotet can also spread via a network propagation module that brute forces its way into an account domain using a dictionary attack. Emotet’s use of compromised URLs as C&C servers likely helped it spread as well. Once Emotet has infected a host, a malicious file that is part of the malware is able to intercept, log, and save outgoing network traffic via a web browser, leading to sensitive data being compiled to access the victim's bank account. According to reports, the Trojan may download the following modules to carry out various tasks:

      • Banking module
      • Distributed denial of service (DDoS) module
      • Spam module
      • Email client infostealer module
      • Browser infostealer module
      • Personal Storage Table (PST) infostealer module

      Recommendations

      • Monitor connection attempts towards the listed domains/IPs. The list may include compromised domains/IP resources as well. Blocking the domains/IPs is solely the recipient's responsibility, after diligently verifying them, without impacting operations.

      • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.

      • Enforce application whitelisting on all endpoint workstations. This will prevent droppers or unauthorized software from gaining execution on endpoints.

      • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

      • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.

      Information Stealer Backdoor Malware Darkcomet

      Darkcomet RAT variants have been reported that collect and exfiltrate system information, user credentials, cryptocurrency wallets, browser info, and login credentials. The malware is designed to allow a remote operator to perform various specific functions, such as recording the victim's information and downloading additional malicious payloads.

      When executed, the malware checks if the following Anti-Virus (AV) applications are installed:

      • Bitdefender
      • Kaspersky Anti-Virus

      It installs a copy of the malware into the following directories:

      Path                                                    Remarks
      %TEMP%\data.bin                                         --
      %TEMP%\data.exe                                         --
      %TEMP%\S-winup.exe                                      --
      C:\41-9322255461-12-5-1-S\S-1-5-21-1645522239-14.exe    The folder and the file names are generated using access token information (SID).
      %AppData%\4FB42C\C0FA36.hdb                             Contains the hash of the exfiltrated data.
      %AppData%\4FB42C\C0FA36.lck                             A lock file for decrypting Windows Credentials or Keylogging
      %AppData%\4FB42C\C0FA36.exe                             Installed copy of the malware used for persistence
      %AppData%\4FB42C\C0FA36.kdb                             Keylogger data to be sent to the C2 server


      It verifies whether the current user is a member of the local administrators group and attempts to bypass User Account Control (UAC) using the following commands:

      • /c reg add hkcu\Environment /v windir /d "cmd /c start %TEMP%\data.exe
      • /f && exit
      • /c schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I && exit
      • /c reg delete hkcu\Environment /v windir /f && exit

      It logs the victim's activities in plaintext, such as keystrokes (along with the time), clipboard changes, applications and more, into "%AppData%\dclogs\YY-MM-DD-00.dc". It attempts to connect to the domain "dkcengin.ddns.net" on port 4891 and waits for commands from the C2 or controller.
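The host indicators described above can be turned into a small correlation check. This is an added example, not code from CERT-In or MTNL; the pipe-separated event format, the host names and the 60-second window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Indicators below are the ones named in the advisory text.
WINDIR_HIJACK = re.compile(
    r"reg(\.exe)?\s+add\s+(hkcu|hkey_current_user)\\environment\s+/v\s+windir\b", re.I)
SILENTCLEANUP = re.compile(
    r"schtasks(\.exe)?\s+/run\s+/tn\s+\\microsoft\\windows\\diskcleanup\\silentcleanup", re.I)
DROPPED = re.compile(
    r"\\temp\\(data\.(bin|exe)|s-winup\.exe)$|\\dclogs\\\d{2}-\d{2}-\d{2}-\d+\.dc$", re.I)
C2_HOST, C2_PORT = "dkcengin.ddns.net", 4891
WINDOW = timedelta(seconds=60)  # assumption: how close the two UAC-bypass steps must be

# Constructed events in an assumed format: time|host|kind|detail
SAMPLE = r"""
2018-06-20T10:15:01|WS-014|process|cmd.exe /c reg add hkcu\Environment /v windir /d "cmd /c start C:\Users\asha\AppData\Local\Temp\data.exe" /f && exit
2018-06-20T10:15:03|WS-014|process|cmd.exe /c schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I && exit
2018-06-20T10:15:09|WS-014|file|C:\Users\asha\AppData\Roaming\dclogs\18-06-20-00.dc
2018-06-20T10:15:12|WS-014|net|dkcengin.ddns.net:4891
2018-06-20T03:00:00|WS-022|process|schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup
2018-06-20T09:00:00|WS-022|net|updates.example.com:443
""".strip().splitlines()


def parse(line):
    """Split one event line into (timestamp, host, kind, detail)."""
    ts, host, kind, detail = line.split("|", 3)
    return datetime.fromisoformat(ts), host, kind, detail


def analyze(lines):
    """Return {host: [findings]} for hosts that match the advisory's indicators."""
    findings = {}
    last_hijack = {}  # host -> time of the most recent windir override
    for ts, host, kind, detail in sorted(map(parse, lines)):
        hits = findings.setdefault(host, [])
        if kind == "process":
            if WINDIR_HIJACK.search(detail):
                last_hijack[host] = ts
            elif SILENTCLEANUP.search(detail):
                # SilentCleanup on its own is a normal Windows task; it only
                # counts when it follows the windir override on the same host.
                seen = last_hijack.get(host)
                if seen is not None and ts - seen <= WINDOW:
                    hits.append("uac_bypass_silentcleanup")
        elif kind == "file" and DROPPED.search(detail):
            hits.append("dropped_file:" + detail.rsplit("\\", 1)[-1])
        elif kind == "net":
            dest, port = detail.rsplit(":", 1)
            if dest.lower() == C2_HOST and int(port) == C2_PORT:
                hits.append("c2_connection")
    return {host: hits for host, hits in findings.items() if hits}


if __name__ == "__main__":
    for host, hits in analyze(SAMPLE).items():
        print(host, hits)
```
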

       

      CERT-In Recommends

      • Restrict connection towards the domains. Put the IPs under watchlist. [Note: blocking of IPs can impact the business. The IP address may host multiple genuine domains or may belong to a compromised infrastructure. Blacklisting is completely on the business policy of the organization.]

      • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

      • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.
        Reference: https://www.fireeye.com/blog/threatresearch/2016/02/greater_visibilityt.html

      • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution. Note: A lot of malicious domains are using TLDs of (.PW, .TOP, .ME) and DYNDNS domains. Monitor connections to such domains.

      • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) /APPLOCKER to block binaries running from %APPDATA% and %TEMP% paths.

      • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through a browser.

      • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header). Monitor users' web browsing habits; restrict access to sites with unfavorable content.

      • Block attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

       

      Malware SAMSAM Ransomware

      A surge in SAMSAM ransomware activity has been observed, with various tactics such as using vulnerabilities in remote desktop protocols (RDP), Java-based web servers, or file transfer protocol (FTP) servers to gain access to the victims’ network. Successful infection encrypts all the user data with RSA-2048 encryption.

      Targeted File Extensions

      "xls", ".xlsx", ".pdf", ".doc", ".docx", ".ppt", ".pptx", ".txt", ".dwg", ".bak", ".bkf", ".pst", ".dbx", ".zip", ".rar", ".mdb", ".asp", ".aspx", ".html", ".htm", ".dbf",
      ".3dm", ".3ds", ".3fr", ".jar", ".3g2", ".xml", ".png", ".tif", ".3gp", ".java", ".jpe", ".jpeg", ".jpg", ".jsp", ".php", ".3pr", ".7z", ".ab4", ".accdb", ".accde", ".accdr",
      ".accdt", ".ach", ".kbx", ".acr", ".act", ".adb", ".ads", ".agdl", ".ai", ".ait", ".al", ".apj", ".arw", ".asf", ".asm", ".asx", ".avi", ".awg", ".back", ".backup",
      ".backupdb", ".pbl", ".bank", ".bay", ".bdb", ".bgt", ".bik", ".bkp", ".blend", ".bpw", ".c", ".cdf", ".cdr", ".cdr3", ".cdr4", ".cdr5", ".cdr6", ".cdrw", ".cdx", ".ce1",
      ".ce2", ".cer", ".cfp", ".cgm", ".cib", ".class", ".cls", ".cmt", ".cpi", ".cpp", ".cr2", ".craw", ".crt", ".crw", ".phtml", ".php5", ".cs", ".csh", ".csl", ".tib", ".csv",
      ".dac", ".db", ".db3", ".dbjournal", ".dc2", ".dcr", ".dcs", ".ddd", ".ddoc", ".ddrw", ".dds", ".der", ".des", ".design", ".dgc", ".djvu", ".dng", ".dot", ".docm",
      ".dotm", ".dotx", ".drf", ".drw", ".dtd", ".dxb", ".dxf", ".dxg", ".eml", ".eps", ".erbsql", ".erf", ".exf", ".fdb", ".ffd", ".fff", ".fh", ".fmb", ".fhd", ".fla", ".flac", ".flv",
      ".fpx", ".fxg", ".gray", ".grey", ".gry", ".h", ".hbk", ".hpp", ".ibank", ".ibd", ".ibz", ".idx", ".iif", ".iiq", ".incpas", ".indd", ".kc2", ".kdbx", ".kdc", ".key", ".kpdx",
      ".lua", ".m", ".m4v", ".max", ".mdc", ".mdf", ".mef", ".mfw", ".mmw", ".moneywell", ".mos", ".mov", ".mp3", ".mp4", ".mpg", ".mrw", ".msg", ".myd", ".nd",
      ".ndd", ".nef", ".nk2", ".nop", ".nrw", ".ns2", ".ns3", ".ns4", ".nsd", ".nsf", ".nsg", ".nsh", ".nwb", ".nx2", ".nxl", ".nyf", ".oab", ".obj", ".odb", ".odc", ".odf",
      ".odg", ".odm", ".odp", ".ods", ".odt", ".oil", ".orf", ".ost", ".otg", ".oth", ".otp", ".ots", ".ott", ".p12", ".p7b", ".p7c", ".pab", ".pages", ".pas", ".pat", ".pcd",
      ".pct", ".pdb", ".pdd", ".pef", ".pem", ".pfx", ".pl", ".plc", ".pot", ".potm", ".potx", ".ppam", ".pps", ".ppsm", ".ppsx", ".pptm", ".prf", ".ps", ".psafe3", ".psd",
      ".pspimage", ".ptx", ".py", ".qba", ".qbb", ".qbm", ".qbr", ".qbw", ".qbx", ".qby", ".r3d", ".raf", ".rat", ".raw", ".rdb", ".rm", ".rtf", ".rw2", ".rwl", ".rwz", ".s3db",
      ".sas7bdat", ".say", ".sd0", ".sda", ".sdf", ".sldm", ".sldx", ".sql", ".sqlite", ".sqlite3", ".sqlitedb", ".sr2", ".srf", ".srt", ".srw", ".st4", ".st5", ".st6", ".st7", ".st8",
      ".std", ".sti", ".stw", ".stx", ".svg", ".swf", ".sxc", ".sxd", ".sxg", ".sxi", ".sxi", ".sxm", ".sxw", ".tex", ".tga", ".thm", ".tlg", ".vob", ".war", ".wallet", ".wav", ".wb2",
      ".wmv", ".wpd", ".wps", ".x11", ".x3f", ".xis", ".xla", ".xlam", ".xlk", ".xlm", ".xlr", ".xlsb", ".xlsm", ".xlt", ".xltm", ".xltx", ".xlw", ".ycbcra", ".yuv"

       

      Following the encryption of the victim’s files, the ransomware executes "selfdel.exe" [extracted from the resource section] to delete itself from the system and installs the ransomware note "HELP_DECRYPT_YOUR_FILES.html" onto the victim’s system.

      CERT-In Recommends;

      • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
         
      • Restrict connection towards the domains. Put the IPs under watchlist. [Note: blocking of IPs can impact the business. The IP address may host multiple genuine domains or may belong to a compromised infrastructure. Blacklisting is completely on the business policy of the organization.]
         
      • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

      • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.
        Reference: https://www.fireeye.com/blog/threatresearch/2016/02/greater_visibilityt.html

      • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
        Note: A lot of malicious domains are using TLDs of (.PW, .TOP, .ME) and DYNDNS domains. Monitor connections to such domains.
         
      • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) /APPLOCKER to block binaries running from %APPDATA% and %TEMP% paths.
         
      • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through a browser.
         
      • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header). Monitor users' web browsing habits; restrict access to sites with unfavorable content.
         
      • Block attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

      • Use firewalls (both software and hardware where available) to restrict access to remote desktop listening ports (default is TCP 3389) and File Transfer Protocol (TCP 21).
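The two attachment rules that appear in both the Darkcomet and the SAMSAM recommendations (block the listed extensions, and check that the extension matches the file header) can be combined in one gateway-side check. This is an added example, not CERT-In's or MTNL's code; the function names, verdict strings and the small header table are assumptions, and the sample attachments are constructed.

```python
# Extension block list exactly as given in the recommendations above.
BLOCKED = set("exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|"))

# Well-known file headers (magic bytes) and the container type they indicate.
MAGIC = [
    (b"MZ", "pe"),                                  # Windows executable (coarse 2-byte match)
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                         # zip, and OOXML (docx/xlsx/pptx)
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy doc/xls/ppt
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"Rar!\x1a\x07", "rar"),
]

# Extension -> header type a genuine file of that extension starts with.
EXPECTED = {
    "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "doc": "ole2", "xls": "ole2", "ppt": "ole2",
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "rar": "rar",
}


def extension(filename):
    """Final extension, lower-cased; trailing dots and spaces are ignored
    because Windows drops them when the file is saved."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def sniff(data):
    """Return the container type indicated by the file header, or None."""
    for header, kind in MAGIC:
        if data.startswith(header):
            return kind
    return None


def check_attachment(filename, data):
    """Apply the block list first, then the 'true file type' check."""
    ext, kind = extension(filename), sniff(data)
    if ext in BLOCKED:
        return "block:extension"
    if kind == "pe":
        return "block:executable-content"
    if ext in EXPECTED and kind != EXPECTED[ext]:
        return "block:type-mismatch"
    return "allow"


# Constructed sample attachments: (file name, first bytes of the content).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("statement.pdf", b"MZ\x90\x00"),
    ("photo.jpg", b"PK\x03\x04\x14\x00"),
    ("update.scr. ", b"MZ\x90\x00"),
    ("notes.txt", b"meeting at 10"),
]


def triage(samples):
    """Map each attachment name to its verdict."""
    return {name: check_attachment(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name!r:22} {verdict}")
```
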

       

      Satori Botnet

      Satori Botnet affecting IoT devices

      You may be aware that a new botnet named Satori has been found infecting Internet of Things (IoT) devices.

      One of the possible modus operandi of this malware is as under:

      • Compromise IoT systems.
      • Create botnets of the compromised devices.
      • Use compromised devices to launch DDoS attacks.
      • Make network connections to receive commands to launch further attacks.

      The following countermeasures can be taken to protect IoT devices:

      • Restrict Web Management Interface access of IoT devices to authorized users only and change default username/passwords
      • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
      • Keep the antivirus on the computer system up to date.
      • Keep up-to-date on patches and fixes on the IoT devices, operating system, and applications.
      • Unnecessary port and services on the devices should be stopped and closed.

      Kindly visit https://www.cyberswachhtakendra.gov.in to get information about latest malwares/botnets and to download free botnet removal tools.

       

      Mirai Botnet

      Mirai Botnet affecting IoT devices

      A new malware named Mirai, targeting Internet of Things (IoT) devices such as printers, video cameras, routers and smart TVs, is spreading. The malware is capable of scanning network devices or Internet of Things devices and tries to compromise these systems, especially those protected with default credentials or hardcoded usernames and passwords.

      The malware is capable of performing the following function:

      • Compromise IoT systems with default username and passwords
      • Create botnets of the compromised devices.
      • Use compromised devices to launch DDoS attacks.
      • Make network connections to receive commands to launch further attacks.

       Indicators of compromise:

      • Abnormal traffic on port 2323/TCP and 23/TCP as it scans for vulnerable devices.
      • Command and Control Network traffic on port 48101/TCP.
      • Huge outbound traffic if the device is part of DDoS attack.

      When the malware runs, it turns the infected system into a bot connecting to a C&C server. Bot-infected systems are connecting to the C&C Servers on specific ports and listen for commands from the remote attacker. In view of the high damage potential of Botnet infected machines, the customers are requested to disinfect their systems and take appropriate countermeasures suggested below to prevent such incidents in future.
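The three network indicators listed above can be checked against flow records from a router or firewall. This is an added example, not CERT-In's or MTNL's code; the flow tuple layout, the internal network range and both thresholds are assumptions to tune per network, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

SCAN_PORTS = {23, 2323}       # from the indicators above
C2_PORT = 48101               # from the indicators above
SCAN_FANOUT = 20              # assumption: distinct destinations before traffic counts as abnormal
VOLUME_BYTES = 500_000_000    # assumption: outbound bytes per window that count as "huge"


def detect(flows, internal="192.168.0.0/16"):
    """flows: iterable of (src, dst, proto, dport, bytes) for one time window.
    Returns {internal source address: sorted list of alerts}."""
    net = ipaddress.ip_network(internal)
    scan_targets = defaultdict(set)
    out_bytes = defaultdict(int)
    alerts = defaultdict(set)
    for src, dst, proto, dport, nbytes in flows:
        if ipaddress.ip_address(src) not in net:
            continue  # only devices on our own network are assessed
        outbound = ipaddress.ip_address(dst) not in net
        if proto == "tcp" and dport in SCAN_PORTS:
            scan_targets[src].add(dst)
        if proto == "tcp" and dport == C2_PORT and outbound:
            alerts[src].add("c2_port_48101")
        if outbound:
            out_bytes[src] += nbytes
    for src, targets in scan_targets.items():
        # One telnet session to a router is normal; fan-out to many hosts is not.
        if len(targets) >= SCAN_FANOUT:
            alerts[src].add("telnet_scan")
    for src, total in out_bytes.items():
        if total >= VOLUME_BYTES:
            alerts[src].add("high_outbound_volume")
    return {src: sorted(found) for src, found in alerts.items()}


def sample_flows():
    """Constructed flows: an admin session, a scanning camera, a flooding device."""
    flows = [("192.168.1.10", "192.168.1.1", "tcp", 23, 4000)]
    for i in range(1, 41):
        port = 2323 if i % 10 == 0 else 23
        flows.append(("192.168.1.50", f"198.51.100.{i}", "tcp", port, 120))
    flows.append(("192.168.1.50", "203.0.113.7", "tcp", 48101, 900))
    flows.append(("192.168.1.77", "203.0.113.99", "udp", 80, 750_000_000))
    flows.append(("192.168.1.20", "203.0.113.5", "tcp", 443, 2_000_000))
    return flows


if __name__ == "__main__":
    for src, found in detect(sample_flows()).items():
        print(src, found)
```
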

      Countermeasures for securing IoT devices:

      • Restrict Web Management Interface access of IoT devices to authorized users only and change default username/passwords.
      • Always change Default login credentials before deployment in production.
      • Change default credentials at device startup and ensure that passwords meet the minimum complexity.
      • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
      • Users should be aware of the installed devices and their capabilities. If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
      • Control access to the devices with Access List.
      • Configure devices to "lock" or log out and require a user to re-authenticate if left unattended.
      • Identify systems with default passwords and implement the abovementioned measures. Some of the systems that need to be examined are routers, switches, web applications and administrative web interfaces, ICS systems, Telnet and SSH interfaces.
      • Implement account lockout policies to reduce the risk of brute forcing attacks.
      • Telnet and SSH should be disabled on a device if there is no requirement for remote management.
      • Configure VPN and SSH to access device if remote access is required.
      • Configure certificate-based authentication for telnet client for remote management of devices.
      • Implement Egress and Ingress filtering at the router level.
      • Report suspicious entries in Routers to your Internet Service Provider.
      • Keep the antivirus on the computer system up to date.
      • Keep up-to-date on patches and fixes on the IoT devices, operating system, and applications.
      • Unnecessary port and services should be stopped and closed.
      • Logging must be enabled on the device to log all the activities.
      • Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.

      TERMS AND CONDITIONS

       

      This website is designed, developed and maintained by Mahanagar Telephone Nigam Limited Mumbai , A Public Sector Undertaking of the Government of India .

      Though all efforts have been made to ensure the accuracy and currency of the content on this website, the same should not be construed as a statement of law or used for any legal purposes. In case of any ambiguity or doubts, users are advised to verify/check with the Organisation and /or other sources, and to obtain appropriate professional advice.

      Under no circumstances, will this Organisation be liable for any expense, loss or damage including, without limitation, indirect or consequential loss or damage, or any expense, loss or damage whatsoever arising from use, or loss of use, of data, arising out of or in connection with the use of this website.

      These terms and conditions shall be governed by and construed in accordance with the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the jurisdiction of the courts of India.

      The information posted on this website could include hypertext links or pointers to information created and maintained by non-Government/private organizations. MTNL Mumbai is providing these links and pointers solely for your information and convenience. When you select a link to an outside website, you are leaving the MTNL Mumbai’s website and are subject to the privacy and security policies of the owners/sponsors of the outside website. MTNL Mumbai does not guarantee the availability of such linked pages at all times.

      MTNL Mumbai cannot authorise the use of copyrighted materials contained in linked websites. Users are advised to request such authorisation from the owner of the linked website.

      MTNL Mumbai does not guarantee that linked websites comply with Indian Government Web Guidelines.

       
