Table 9. Threat report processing.
| Report Text | Classification | Confidence | Extracted IOCs | Threat Matches |
|---|---|---|---|---|
| Detected suspicious traffic from IP 10.0.0.66 connecting to c2-malicious.net | Benign | 0.65 | {'ips': ['10.0.0.66'], 'domains': ['c2-malicious.net'], 'hashes': [], 'malware': ['IP'], 'urls': []} | {'ips': ['10.0.0.66'], 'domains': ['c2-malicious.net'], 'malware': []} |
| Normal user login activity from internal network 192.168.1.5 | Benign | 0.77 | {'ips': ['192.168.1.5'], 'domains': [], 'hashes': [], 'malware': [], 'urls': []} | {'ips': [], 'domains': [], 'malware': []} |
| Emotet malware detected attempting to exfiltrate data to exfiltration-site.biz | Benign | 0.65 | {'ips': [], 'domains': ['exfiltration-site.biz'], 'hashes': [], 'malware': ['Emotet', 'exfiltration-site.biz', 'Malware'], 'urls': []} | {'ips': [], 'domains': ['exfiltration-site.biz'], 'malware': ['Emotet']} |
| Regular system update from trusted-site.com completed successfully | Benign | 0.77 | {'ips': [], 'domains': ['trusted-site.com'], 'hashes': [], 'malware': [], 'urls': []} | {'ips': [], 'domains': [], 'malware': []} |
| New variant of Zeus malware communicating with unknown C2 server (Adaptive) | Benign | 0.62 | {'ips': [], 'domains': [], 'hashes': [], 'malware': ['Malware', 'Zeus'], 'urls': []} | {'ips': [], 'domains': [], 'malware': ['Zeus']} |
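The table's pipeline has two stages worth separating: IOC extraction into the five-key structure (ips, domains, hashes, malware, urls) and a lookup of those IOCs against a threat feed. The following Python is an added example, not the paper's code: it reproduces the extraction and matching for the table's report texts, restricts the malware field to a known-family vocabulary (so generic words such as "IP" and "Malware" are not emitted as family names, as they are in rows 1, 3 and 5), and flags a report for analyst review when the classifier says Benign while the feed lookup still hits. The threat feed and family list are constructed for the demonstration; the paper's matching source is not shown.

```python
import re

# Constructed threat feed for the demonstration (the paper's source is not shown).
THREAT_FEED = {
    "ips": {"10.0.0.66"},
    "domains": {"c2-malicious.net", "exfiltration-site.biz"},
    "malware": {"emotet", "zeus"},
}
# Constructed family vocabulary; keeps words like "IP" or "Malware" out of the malware field.
MALWARE_FAMILIES = {"emotet", "zeus", "trickbot", "qakbot"}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|biz)\b", re.I)
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)  # SHA-256/SHA-1/MD5
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
WORD_RE = re.compile(r"[A-Za-z0-9-]+")


def extract_iocs(text):
    """Return the five-key IOC structure used in the table."""
    urls = URL_RE.findall(text)
    # Strip URLs before host matching so a URL's host is not also counted as a bare domain.
    stripped = URL_RE.sub(" ", text)
    return {
        "ips": IP_RE.findall(stripped),
        "domains": DOMAIN_RE.findall(stripped),
        "hashes": HASH_RE.findall(stripped),
        "malware": [w for w in WORD_RE.findall(stripped) if w.lower() in MALWARE_FAMILIES],
        "urls": urls,
    }


def threat_matches(iocs, feed=THREAT_FEED):
    """Deterministic feed lookup; returns the three-key structure of the Threat Matches column."""
    return {
        "ips": [v for v in iocs["ips"] if v in feed["ips"]],
        "domains": [v for v in iocs["domains"] if v.lower() in feed["domains"]],
        "malware": [v for v in iocs["malware"] if v.lower() in feed["malware"]],
    }


def needs_review(classification, matches):
    """True when the classifier says Benign but the feed lookup hit: route to an analyst."""
    return classification == "Benign" and any(matches.values())


if __name__ == "__main__":
    report = "Emotet malware detected attempting to exfiltrate data to exfiltration-site.biz"
    found = extract_iocs(report)
    hits = threat_matches(found)
    print(found, hits, needs_review("Benign", hits))
```

The `needs_review` check is the practical takeaway from the table: four of the five rows carry feed hits yet are labelled Benign at 0.62 to 0.77 confidence, so the deterministic lookup should gate the classifier rather than the other way round.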