Netography Detection Model Release – April 11, 2023

The Netography Threat Research Team has released its latest detections:

The team creates Netography Detection Models (NDMs) to detect botnets, malware, P2P, data exfiltration, ransomware, phishing, spam, DDoS activity and more. These threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs added frequently as threats evolve. There are no packages to download and no updates to push. All models are completely open, customizable, and transparent to your analysts.

Netography Detection Model Updates:

cve-2023-2753_port_scan_internal – This DM locates attempts to scan internal resources for systems potentially vulnerable to CVE-2023-27532 – a vulnerability in the Veeam Backup and Replication product.  This vulnerability “allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.”  This DM is enabled by default.

cve-2022-47966_port_scan_internal – This DM locates attempts to scan internal resources for systems potentially vulnerable to CVE-2022-47966 – a vulnerability in the Zoho ManageEngine product.  This DM is enabled by default.

cve-2015-4852_port_scan_internal – This DM locates attempts to scan internal resources for systems potentially vulnerable to CVE-2015-4852 – an older vulnerability in Java.  This DM is enabled by default.

cve-2020-5735_port_scan_internal – This DM locates attempts to scan internal resources for systems potentially vulnerable to CVE-2020-5735 – a vulnerability in the Amcrest cameras and NVR products.  An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.  This DM is enabled by default.

cve-2023-23560_lexmark_inbound – This DM locates attempts to connect to an internal resource on port 65002 from an external IP.  This may indicate attempts to exploit the vulnerability found in Lexmark printers covered under CVE-2023-23560.  This DM is enabled by default.

cve-2023-23560_lexmark_internal – This DM locates attempts to connect to an internal resource on port 65002 from an internal IP.  This may indicate attempts to exploit the vulnerability found in Lexmark printers covered under CVE-2023-23560.  This DM is enabled by default.

rpc_authentication_attack – This DM locates attempts to abuse authentication methods to RPC ports 135 and 111. This will detect attempts to exploit the Zerologon vulnerability: CVE-2020-1472.  This DM is enabled by default.

suspected_port_abuse_internal – This DM detects entities on the internal network attempting to communicate with other internal hosts on an unusual range of ports.  This may indicate a compromised machine or an internally initiated port scan. This DM is enabled by default.

suspected_port_abuse_external – This DM detects entities external to the network attempting to communicate with other internal hosts on an unusual range of ports.  This may indicate a compromised machine or non-standard traffic. This DM is enabled by default.

outbound_smb_traffic – This DM detects any internal host attempting to communicate external to the network on common SMB ports.  This traffic should not occur between unauthorized hosts.  This DM works best when network classifications are set properly.  This DM is enabled by default.
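
The direction-based descriptions above (cve-2023-23560_lexmark_inbound, cve-2023-23560_lexmark_internal and outbound_smb_traffic) all depend on which addresses are classified as internal. The sketch below is an added illustration, not a Netography detection model or the platform's query language: it applies those three rules to constructed flow records and shows how an incomplete network classification silently drops an outbound SMB detection. The label names, the flow tuple layout and the SMB port set (139 and 445) are assumptions made for the example.

```python
# Added illustration, not a Netography detection model. Flow tuples and
# the internal-network classifications are constructed for this example.
import ipaddress

SMB_PORTS = {139, 445}   # common SMB ports (assumption; the page does not list them)
LEXMARK_PORT = 65002     # port named in the cve-2023-23560_lexmark_* descriptions

def is_internal(ip, internal_nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in internal_nets)

def classify(flow, internal_nets):
    """Return hypothetical labels for one (src, dst, dst_port) flow record."""
    src, dst, dport = flow
    src_in = is_internal(src, internal_nets)
    dst_in = is_internal(dst, internal_nets)
    labels = []
    if dport == LEXMARK_PORT and dst_in:
        labels.append("lexmark_internal" if src_in else "lexmark_inbound")
    if dport in SMB_PORTS and src_in and not dst_in:
        labels.append("outbound_smb")
    return labels

def run(flows, cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return {f: classify(f, nets) for f in flows}

# Constructed sample flows (documentation and RFC 1918 address ranges).
FLOWS = [
    ("203.0.113.7", "10.1.2.30", 65002),   # external -> internal, port 65002
    ("10.1.9.14", "10.1.2.30", 65002),     # internal -> internal, port 65002
    ("10.1.9.14", "198.51.100.20", 445),   # internal -> external SMB
    ("172.16.5.8", "198.51.100.20", 445),  # internal only if 172.16/12 is classified
    ("10.1.9.14", "10.1.2.40", 445),       # internal-to-internal SMB, not flagged
]

COMPLETE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
INCOMPLETE = ["10.0.0.0/8"]  # 172.16.0.0/12 left unclassified

if __name__ == "__main__":
    for name, cidrs in (("complete", COMPLETE), ("incomplete", INCOMPLETE)):
        print(name)
        for flow, labels in run(FLOWS, cidrs).items():
            print("  ", flow, labels)
```

With the incomplete classification, the flow from 172.16.5.8 produces no label at all, which is the failure the "works best when network classifications are set properly" remark points at.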

finflood – This DM was updated to reduce noise and increase accuracy.

The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion® platform, so our customers can write once, then detect everywhere.

The post Netography Detection Model Release – April 11, 2023 appeared first on Netography.

*** This is a Security Bloggers Network syndicated blog from Netography authored by Netography Threat Research Team. Read the original post at: https://netography.com/netography-detection-model-release-april-11-2023/