
Netography Detection Model Release – April 4, 2023

 

The Netography Threat Research Team has released its latest detections:

The team creates Netography Detection Models (NDMs) to detect botnets, malware, P2P, data exfiltration, ransomware, phishing, SPAM, DDoS activity and more. These powerful threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs being added frequently as threats evolve. There are no packages to download, and no updates to push. All models are completely open, customizable, and transparent to your analysts.  

Netography Detection Model Updates:

messaging_apple-push – This NDM detects the use of the messaging framework: “Apple-push” on the network. The Apple Push Notification service (APNs) is a platform notification service created by Apple. The protocol is also used by the Apple iMessage service. This NDM is disabled by default. 

messaging_discord – This NDM detects the use of the messaging framework: “Discord” on the network. Discord is a proprietary freeware VoIP application and digital distribution platform that specializes in text, image, video and audio communication between users in a chat channel. This NDM is disabled by default.

messaging_disqus – This NDM detects the use of the messaging framework: “Disqus” on the network. Disqus offers add-on tools for websites to increase engagement. They help publishers power online discussions with comments and earn revenue with native advertising. This NDM is disabled by default. 

messaging_facebook-messenger – This NDM detects the use of the messaging framework: “Facebook Messenger” on the network. Facebook Messenger is a messaging app and platform. Users can send messages and exchange photos, videos, stickers, audio, files, and more. This NDM is disabled by default.

messaging_google-chat – This NDM detects the use of the messaging framework: “Google Chat” on the network. Google Chat (formerly known as Hangouts Chat) is a communication software that provides direct messages and team chat rooms, along with group messaging functions. This NDM is disabled by default.

messaging_icq – This NDM detects the use of the messaging framework: “ICQ” on the network. ICQ is a cross-platform messenger and VoIP client. The name ICQ derives from the English phrase “I Seek You”. The software was popular in the early 2000s and is still in use today. This NDM is disabled by default.

messaging_infobip – This NDM detects the use of the messaging framework: “Infobip” on the network. Infobip specializes in omnichannel engagement powering a range of messaging channels, tools, and solutions for advanced customer engagement. Use of this social network on a corporate network may be outside of corporate policy. This NDM is disabled by default.

messaging_jpush – This NDM detects the use of the messaging framework: “Jpush” on the network. JPush (from JiGuang/Aurora Mobile) is a large-scale app push platform, pushing more than 500 million messages per day. The solution offers four types of messages: notifications, custom messages, rich media, and local notifications. This NDM is disabled by default.

messaging_kakaotalk – This NDM detects the use of the messaging framework: “KakaoTalk” on the network. KakaoTalk (카카오톡) is a free mobile instant messaging application for smartphones with free text and free call features. This NDM is disabled by default.

messaging_kik – This NDM detects the use of the messaging framework: “Kik” on the network. Kik Messenger, commonly called Kik, is a freeware instant messaging mobile app from the Canadian company Kik Interactive, available free of charge on iOS, Android, and Windows Phone operating systems. This NDM is disabled by default.

messaging_messagebird – This NDM detects the use of the messaging framework: “MessageBird” on the network. MessageBird is a cloud communications platform that connects enterprises to their global customers. Solutions are provided across SMS, voice, WhatsApp, WeChat, Messenger, email and more. This NDM is disabled by default.

messaging_meta-messaging – This NDM detects the use of the messaging framework: “meta-messaging” (Facebook + Instagram) on the network. Facebook Messenger and Instagram (owned by Meta) share a common messaging platform. This makes it possible for users on these two different platforms to chat and exchange messages. This NDM is disabled by default.

messaging_pushover – This NDM detects the use of the messaging framework: “pushover” on the network. Pushover makes it easy to push real-time notifications to your Android, iPhone, iPad, or PC. This NDM is disabled by default.

messaging_qq – This NDM detects the use of the messaging framework: “qq” on the network. Tencent QQ, popularly known as QQ, is an instant messaging software service based in China. Nearly one billion active accounts use QQ for chat, gaming, music, shopping and more. This NDM is disabled by default.

messaging_rocket-chat – This NDM detects the use of the messaging framework: “rocket-chat” on the network. Rocket.Chat is an open source communication hub that enables banks, NGOs, startups, and governmental organizations to have their own chat tool. This NDM is disabled by default.

messaging_samsung-push – This NDM detects the use of the messaging framework: “samsung-push” on the network. Samsung Push is a platform notification service created by Samsung. It is used to send messages to mobile phones, tablets and other Samsung devices. This NDM is disabled by default.

messaging_signal – This NDM detects the use of the messaging framework: “Signal” on the network. Signal (formerly Open Whisper Systems) is an instant group, text, voice, video, document, and picture messaging application which supports end-to-end encryption. This NDM is disabled by default.

messaging_sinch – This NDM detects the use of the messaging framework: “sinch” on the network. Sinch platform lets businesses reach every mobile phone on the planet, in seconds or less, through mobile messaging, voice, and video. This NDM is disabled by default.

messaging_snapchat – This NDM detects the use of the messaging framework: “snapchat” on the network. Snapchat lets you easily talk with friends, view Live Stories from around the world, and explore news in Discover. This NDM is disabled by default.

messaging_stream-io – This NDM detects the use of the messaging framework: “stream.io” on the network. Stream is an enterprise-grade chat and activity feed provider. Their products include client-side SDKs for iOS, Android, React, React Native, Flutter, and support for the most commonly used server-side languages. This NDM is disabled by default.

messaging_telegram – This NDM detects the use of the messaging framework: “telegram” on the network. Telegram is a non-profit cloud-based instant messaging service available for Android, iOS, Windows Phone, Windows NT, macOS and Linux. Users can send messages and exchange photos, videos, stickers, audio and files of any kind. This NDM is disabled by default.

messaging_threema – This NDM detects the use of the messaging framework: “Threema” on the network. Threema is a paid and proprietary end-to-end encrypted instant messaging service. Clients for iOS and Android are available. This NDM is disabled by default.

messaging_wechat – This NDM detects the use of the messaging framework: “wechat” on the network. WeChat is a Chinese multi-purpose messaging, social media and mobile payment app developed by Tencent. This NDM is disabled by default.

messaging_whatsapp – This NDM detects the use of the messaging framework: “Whatsapp” on the network. More than 1 billion people in over 180 countries use WhatsApp to stay in touch with friends and family, anytime and anywhere. WhatsApp is free and offers simple, secure, reliable messaging and calling, available on a multitude of devices. This service does share IP overlap with some of Facebook’s servers (since it is owned by Facebook); however, the Threat Research team has done our best to remove this overlap and focus this NDM purely on WhatsApp. This NDM is disabled by default.

messaging_zalo – This NDM detects the use of the messaging framework: “Zalo” on the network. Zalo is a chatting platform available on mobile and PC. Features include messaging, voice messages, video conference, group messaging and friend finder. This NDM is disabled by default.

Categorization Updates:

Categories can be used in NDMs, Widgets, or anywhere else Netography Query Language (NQL) is used in the Netography Fusion® portal to monitor, detect, and secure the Atomized Network. The following IP Reputation Categories were added to the portal:

  • messaging_apple-push 
  • messaging_discord 
  • messaging_disqus 
  • messaging_facebook-messenger 
  • messaging_google-chat 
  • messaging_icq 
  • messaging_infobip 
  • messaging_jpush 
  • messaging_kakaotalk 
  • messaging_kik 
  • messaging_messagebird 
  • messaging_meta-messaging 
  • messaging_pushover 
  • messaging_qq 
  • messaging_rocket-chat 
  • messaging_samsung-push 
  • messaging_signal 
  • messaging_sinch 
  • messaging_snapchat 
  • messaging_stream-io 
  • messaging_telegram 
  • messaging_threema 
  • messaging_wechat 
  • messaging_whatsapp 
  • messaging_zalo

A dashboard named “Messaging Application Usage Dashboard” was also added to the system default dashboards to display the usage of the above messaging service categories on your network.

The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion® platform, so our customers can write once, then detect everywhere.