Decision for 20.151.2.242
Reasons
- Threat activity was observed independently on multiple nodes.
- Multiple stages of an attack chain were observed within a short time window.
- Observed behavior consistent with post-compromise activity, such as backdoors, webshells, or lateral movement.
- High-confidence indicators of post-exploitation activity were detected.
MITRE ATT&CK Mappings
- Tactics: Command and Control / Persistence, Initial Access, Reconnaissance
- Techniques: T1059, T1105, T1190, T1595
Evidence
- Nodes observed: 2
- Severity: CRITICAL
- TTL remaining: 8d 19h