ids:emerging_threats:emerging_threat_categories
This is an old revision of the document!
IDS - Emerging Threats - Emerging Threat Categories
| Category | Description | Reference |
|---|---|---|
| 3CORESec | Generated automatically from the 3CORESec team IP block lists; based on malicious activity from their Honeypots. | https://blacklist.3coresec.net/lists/et-open.txt |
| ActiveX | Protects against attacks and exploits against Microsoft ActiveX controls. | |
| Adware-PUP | Ad tracking and spyware related activity. | |
| Attack Response | Identifies responses indicative of intrusion; such as LMHost file download, presence of certain web banners and the detection of Metasploit Meterpreter kill command. | |
| Botcc (Bot Command and Control) | Autogenerated from several sources of known and confirmed active botnet and other Command and Control (C2) hosts. | https://www.shadowserver.org |
| Botcc Portgrouped | Similar to the Botcc category but grouped by destination port. Rules grouped by port can offer higher fidelity than those not grouped by port. | |
| Chat | Traffic related to numerous chat clients such as Internet Relay Chat (IRC). Chat traffic can be indicative of possible check-in activity by threat actors. | |
| CIArmy | Generated using Collective Intelligence IP rules for blocking. | https://www.cinsscore.com |
| Coinmining | Rules that detect malware which performs coin mining. | |
| Compromised | Based on a list of known compromised hosts that is confirmed and updated daily from several private but highly reliable data sources. | |
References
ids/emerging_threats/emerging_threat_categories.1626783433.txt.gz · Last modified: 2021/07/20 12:17 by peter