Blacklisted IP Address

Description

Triggered off core network traffic, this anomaly compares the IP addresses that are visited against the internal UBA IP address blacklist. If an IP matches an entry on the blacklist, the anomaly is created.
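The matching logic described above, as an added example that is not Splunk UBA's own code: a blacklist of hosts and CIDR ranges is compiled with the standard ipaddress module and applied to a constructed set of flow records. The record format, the blacklist entries and the Anomaly fields are assumptions for illustration. It goes slightly beyond the description by also flagging inbound traffic whose source is blacklisted, and by de-duplicating repeated hits for the same source/destination pair, which matters for a detection whose alert volume is rated High.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample blacklist (hypothetical; not the UBA list).
# Entries may be single hosts or CIDR ranges, IPv4 or IPv6.
BLACKLIST = [
    "203.0.113.5",
    "198.51.100.0/24",
    "2001:db8::/32",
]

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z,10.0.0.5,203.0.113.5,443
2024-01-01T10:00:01Z,10.0.0.5,93.184.216.34,443
2024-01-01T10:00:02Z,10.0.0.7,198.51.100.77,8080
2024-01-01T10:00:03Z,198.51.100.9,10.0.0.7,22
2024-01-01T10:00:04Z,10.0.0.5,203.0.113.5,443
2024-01-01T10:00:05Z,10.0.0.9,2001:db8::1,443
"""


@dataclass(frozen=True)
class Anomaly:
    src_ip: str
    dst_ip: str
    matched_ip: str   # the endpoint that hit the blacklist
    first_seen: str   # timestamp of the first matching flow


def compile_blacklist(entries):
    """Parse host and CIDR strings into ip_network objects once, up front."""
    nets = []
    for entry in entries:
        # strict=False lets a host-bits entry like 10.0.0.1/24 through as a network
        nets.append(ipaddress.ip_network(entry.strip(), strict=False))
    return nets


def is_blacklisted(ip_str, nets):
    """True if ip_str falls inside any blacklisted network; non-IP strings never match."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    # 'in' on a network of the other IP version simply returns False
    return any(ip in net for net in nets)


def detect(flow_text, blacklist, dedupe=True):
    """Emit one Anomaly per flow whose source or destination is blacklisted."""
    nets = compile_blacklist(blacklist)
    anomalies = []
    seen = set()
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = line.split(",")
        for candidate in (src, dst):
            if not is_blacklisted(candidate, nets):
                continue
            key = (src, dst, candidate)
            # Collapse repeated hits for the same pair to keep alert volume down.
            if dedupe and key in seen:
                continue
            seen.add(key)
            anomalies.append(Anomaly(src, dst, candidate, ts))
    return anomalies


if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS, BLACKLIST):
        print(f"{a.first_seen} {a.src_ip} -> {a.dst_ip} matched {a.matched_ip}")
```

Compiling the blacklist once and testing membership with ip_network objects handles CIDR ranges and IPv6 without string tricks; set dedupe=False if every matching flow should raise its own event.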

Content Mapping

This content is not mapped to any local saved search.

Use Case

Advanced Threat Detection

Category

Endpoint Compromise, Threat Intelligence

Alert Volume

High

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control
Exfiltration

MITRE ATT&CK Techniques

Custom Command and Control Protocol
Non-Application Layer Protocol
Application Layer Protocol
Exfiltration Over Alternative Protocol
Exfiltration Over C2 Channel

MITRE Threat Groups

APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
Magic Hound
MuddyWater
OilRig
PLATINUM
Rocke
Sandworm Team
Soft Cell
Stealth Falcon
Wizard Spider

Data Sources

Network Communication