Tag

Network-Traffic

4 briefs RSS

Potential Data Exfiltration to Unusual Geographic Region via Machine Learning

A machine learning job has detected potential data exfiltration activity to an unusual geographical region, specifically by region name, indicating exfiltration over command and control channels.

data-exfiltration machine-learning network-traffic

2r 1t May 2, 2024

high advisory

Detecting RPC Traffic to the Internet

2 rules 2 TTPs

This brief focuses on detecting Remote Procedure Call (RPC) traffic originating from internal networks and reaching the public internet, which is indicative of potential initial access or backdoor activity.

Elastic License v2 network-traffic initial-access lateral-movement rpc

2r 2t Jan 3, 2024

low threat

Suspicious SMTP Activity on Port 26/TCP

2 rules 3 TTPs

This rule detects SMTP traffic on TCP port 26, an alternative to the standard port 25 that the BadPatch malware family has used for command and control of Windows systems.

BadPatch command-and-control exfiltration network-traffic

2r 3t Jan 3, 2024

medium advisory

Large ICMP Traffic Detection

2 rules 1 TTP

This analytic identifies excessive ICMP traffic to external IP addresses exceeding 1,000 bytes, potentially indicating command and control activity, data exfiltration, or covert communication channels.

Splunk Enterprise +4 network-traffic command-and-control data-exfiltration

2r 1t Jan 2, 2024