Suspicious IP Address Communication
Description
Triggered when a user visits a malicious or suspicious site directly by IP address.
Content Mapping
This content is not mapped to any local saved search.
Use Case
Advanced Threat Detection, Insider Threat
Category
Command and Control, Endpoint Compromise, Data Exfiltration
Alert Volume
Low
SPL Difficulty
None
Journey
Stage 6
MITRE ATT&CK Tactics
Command and Control
MITRE ATT&CK Techniques
Custom Command and Control Protocol
Application Layer Protocol
Non-Application Layer Protocol
MITRE Threat Groups
APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Magic Hound
OilRig
PLATINUM
Rocke
Data Sources
Network Communication
Web Proxy