Suspicious Network Connection

Description

This anomaly groups multiple detections that inspect network traffic for suspicious activity (for example, DNS data exfiltration). See the associated detection methods for the complete list of conditions that can trigger this anomaly.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Data Exfiltration, Command and Control

Alert Volume

High

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Lateral Movement
Exfiltration

MITRE ATT&CK Techniques

Remote Services
Ingress Tool Transfer
Exfiltration Over C2 Channel
Exfiltration Over Other Network Medium
Exfiltration Over Alternative Protocol

MITRE Threat Groups

APT-C-36
APT18
APT28
APT3
APT32
APT33
APT37
APT38
APT39
APT41
BRONZE BUTLER
Chimera
Cobalt Group
Dragonfly 2.0
Elderwood
FIN7
FIN8
Frankenstein
Gamaredon Group
Gorgon Group
Ke3chang
Kimsuky
Lazarus Group
Leviathan
Magic Hound
Molerats
MuddyWater
OilRig
PLATINUM
Patchwork
Rancor
Rocke
Sandworm Team
Sharpshooter
Silence
Soft Cell
Stealth Falcon
TA505
Threat Group-3390
Tropic Trooper
Turla
WIRTE
Whitefly
Wizard Spider
menuPass

Data Sources

Network Communication