Suspicious IP Address Communication

Description

Triggered when a user visits a malicious or suspicious site directly by IP address rather than by hostname.

Content Mapping

This content is not mapped to any local saved search.

Use Case

Advanced Threat Detection, Insider Threat

Category

Command and Control, Endpoint Compromise, Data Exfiltration

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Custom Command and Control Protocol
Application Layer Protocol
Non-Application Layer Protocol

MITRE Threat Groups

APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Magic Hound
OilRig
PLATINUM
Rocke

Data Sources

Network Communication
Web Proxy