Decision for 20.63.83.113
Reasons
- High severity exploit activity was observed, but only from a single node.
- Multiple stages of an attack chain were observed within a short time window.
- Observed behavior consistent with post-compromise activity, such as backdoors, webshells, or lateral movement.
- High-confidence indicators of post-exploitation activity were detected.
MITRE ATT&CK Mappings
- Tactics:
Command and Control / Persistence,
Initial Access
- Techniques:
T1059,
T1105,
T1190
Evidence
- Nodes observed: 1
-
Severity:
CRITICAL
-
TTL remaining:
9d 1h
Back to Dashboard