
Netography Detection Model Release – February 23, 2023

 

The Netography Threat Research Team has released its latest detections:

The team creates Netography Detection Models (NDMs) to detect botnets, malware, P2P, data exfiltration, ransomware, phishing, SPAM, DDoS activity and more. These powerful threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs being added frequently as threats evolve. There are no packages to download, and no updates to push. All models are completely open, customizable, and transparent to your analysts.  

Netography Detection Model Updates:

social_discourse_detection – This NDM detects the use of the social network: “Discourse” on the network. Discourse is modern forum software for businesses and communities. This NDM is disabled by default. 

social_instagram_detection – This NDM detects the use of the social network: “Instagram” on the network. Instagram is a social media platform that emphasizes photo and video sharing via its mobile app. This NDM is disabled by default.

social_linkedin_detection – This NDM detects the use of the social network: “LinkedIn” on the network. LinkedIn and its associated services form a business-oriented social media network. This NDM is disabled by default.

social_meta_detection – This NDM detects the use of the social network: “Meta” on the network. This NDM covers Facebook and its associated services. This NDM is disabled by default.

social_okcupid_detection – This NDM detects the use of the social network: “OkCupid” on the network. OkCupid is an online dating website that uses quizzes and multiple-choice questions to find a match for the user. This NDM is disabled by default.

social_reddit_detection – This NDM detects the use of the social network: “Reddit” on the network. Reddit is essentially a web-based bulletin board system that allows posting and commenting on nearly any topic. This NDM is disabled by default.

social_tiktok_detection – This NDM detects the use of the social network: “TikTok” on the network. TikTok and its associated services are a social media platform primarily consisting of short videos. Use of this social network on a corporate network may be outside of corporate policy. This NDM is disabled by default.

social_tinder_detection – This NDM detects the use of the social network: “Tinder” on the network. Tinder is a location-based social search mobile app and Web application most often used as a dating service. This NDM is disabled by default.

social_twitter_detection – This NDM detects the use of the social network: “Twitter” on the network. Twitter and its associated services are a social media platform where anyone in the world can post on nearly any topic. This NDM is disabled by default.

torrent_usage_detection – This NDM detects the use of torrent-based websites and traffic on the network. This NDM will not detect every node present in a torrent network, due to the encrypted and dynamic nature of torrent networks. This NDM is enabled by default.

file-sharing_4shared_detection – This NDM detects the use of 4shared traffic on the network. 4shared is an online storage and file hosting web service to upload, store and download music, videos, photographs and other content. This NDM is disabled by default.

file-sharing_apple-icloud – This NDM detects the use of iCloud Drive traffic on the network. Apple iCloud provides online access to personal photos, videos, documents, notes, contacts, and more. The service is provided to Apple product users. This NDM is disabled by default.

file-sharing_box-net_detection – This NDM detects the use of Box.Net traffic on the network. Box.Net is a business focused platform for file sharing, content management, workflow, and collaboration. This NDM is disabled by default.

file-sharing_dropbox_detection – This NDM detects the use of Dropbox traffic on the network.  Dropbox provides file sharing and storage services to end users and organizations. A special shared folder can be synchronized and shared across multiple devices: mobile, tablets, laptops, etc. This NDM is disabled by default.

file-sharing_filefactory – This NDM detects the use of FileFactory traffic on the network.  FileFactory is a file sharing service that also offers USENET/newsgroup access. The basic service comes with unlimited downloads, 100TB of TrafficShare, and a resume feature. This NDM is disabled by default.

file-sharing_idrive_detection – This NDM detects the use of iDrive traffic on the network. IDrive specializes in data backup applications. Its flagship product is IDrive, an online backup service available to Windows, Mac, Linux, iOS, and Android users. This NDM is disabled by default.

file-sharing_mediafire – This NDM detects the use of Mediafire on the network.  MediaFire is a cloud storage service helping people store, organize, and share data via the internet. This NDM is disabled by default.

file-sharing_mega-service – This NDM detects the use of Mega traffic on the network. MEGA provides cloud storage and file sharing. The service is offered primarily through web-based apps, but mobile apps are also available for Windows Phone, Android and iOS. This NDM is disabled by default.

file-sharing_microsoft-onedrive – This NDM detects the use of Microsoft OneDrive on the network. Microsoft OneDrive allows you to store photos and docs online. Access them from any PC, Mac or phone. Create and work together on Word, Excel or PowerPoint documents. This NDM is disabled by default.

file-sharing_sharefile_detection – This NDM detects the use of ShareFile on the network.  ShareFile is the secure file sharing and transfer service for business. The company also offers cloud-based and on-premise storage, virtual data rooms and client portals. The product is owned by Citrix Systems. This NDM is disabled by default.

file-sharing_syncplicity – This NDM detects the use of Syncplicity on the network. Syncplicity – by Axway – offers businesses a cloud-based solution for content collaboration and enterprise file sharing & syncing needs. This NDM is disabled by default.

file-sharing_syncthing_detection – This NDM detects the use of Syncthing on the network. Syncthing is a continuous file synchronization program that synchronizes files between two or more computers in real time, safely protected from prying eyes. This NDM is disabled by default.

file-sharing_usenetserver – This NDM detects the use of Usenetserver.com on the network.  Usenetserver.com provides access to Usenet news groups and NNTP feeds for business and private use. This NDM is disabled by default.

file-sharing_ushareit – This NDM detects the use of SHAREit on the network. SHAREit is a peer-to-peer file sharing, content streaming and gaming platform that supports online and offline sharing of files and contents. This NDM is disabled by default.

file-sharing_wetransfer –  This NDM detects the use of WeTransfer on the network. WeTransfer is an internet-based computer file transfer service based in the Netherlands. The company’s suite of tools is specifically designed for creative professionals, enabling collaboration, co-creation, and client management. This NDM is disabled by default.

knownphishing – This NDM was enhanced to more specifically detect phishing.

knownspamsrc – This NDM was enhanced to more specifically detect spam.

xmastree – This NDM was enhanced to reduce false positives.

 

Categorization Updates:

Categories can be used in NDMs, Widgets, or anywhere else Netography Query Language (NQL) is used in the Netography Fusion® portal to monitor, detect, and secure the Atomized Network. The following IP Reputation Categories were added to the portal:

  • file-sharing_4shared
  • file-sharing_apple-icloud
  • file-sharing_bittorrent
  • file-sharing_box-net 
  • file-sharing_dropbox
  • file-sharing_filefactory
  • file-sharing_idrive
  • file-sharing_mediafire
  • file-sharing_mega-service
  • file-sharing_microsoft-onedrive
  • file-sharing_opentrackr
  • file-sharing_rarbg
  • file-sharing_sharefile
  • file-sharing_syncplicity
  • file-sharing_syncthing
  • file-sharing_the-pirate-bay
  • file-sharing_torrent-eu-org
  • file-sharing_usenetserver
  • file-sharing_ushareit
  • file-sharing_utorrent
  • file-sharing_wetransfer

 

A dashboard widget was also added to the “Security Overview” dashboard to display the usage of the above file-sharing categories on your network:

A dashboard widget was also added to the “Security Overview” dashboard to display the usage of third party VPN services on your network:

 

The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion® platform, so our customers can write once, then detect everywhere.