Decision for 2409:40e4:1099:e574:fc5c:ada3:a2af:d377
Reasons
- High severity exploit activity was observed, but only from a single node.
- Observed behavior consistent with post-compromise activity, such as backdoors, webshells, or lateral movement.
- High-confidence indicators of post-exploitation activity were detected.
MITRE ATT&CK Mappings
- Tactics: Command and Control / Persistence, Initial Access
- Techniques: T1059, T1105, T1190
Evidence
- Nodes observed: 1
- Severity: CRITICAL
- TTL remaining: 22h 44m