Netography Detection Model Release – February 13, 2023
The Netography Threat Research Team has released its latest detections:
The team creates Netography Detection Models (NDMs) to detect botnets, malware, P2P, data exfiltration, ransomware, phishing, SPAM, DDoS activity, and more. These powerful threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs being added frequently as threats evolve. There are no packages to download, and no updates to push. All models are completely open, customizable, and transparent to your analysts.
Netography Detection Model Updates:
esxi_internal_slp_scan – This detection model detects attempted scanning to discover OpenSLP servers on the customer’s network. This behavior coupled with the “port_445_scanning_internal” NDM may be indicative of “Royal Ransomware”. This NDM works best when “Network Classifications” are set correctly in the Fusion portal.
outbound_database_exfil – This detection model detects large amounts of data being transferred from common database ports leaving the customer network. This NDM works best when “Network Classifications” are set correctly in the Fusion portal.
remote_access_itar – This detection model detects inbound attempts to connect to SSH and RDP ports from countries listed on the United States ITAR list. This NDM works best when “Network Classifications” are set correctly in the Fusion portal.
The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion platform, so our customers can write once, then detect everywhere.