
CTA Updates - New Malicious Hosting Detector


This blog extends information from Cognitive Threat Analytics (CTA): Release Notes

 

February 2018 Update

 

(by Ivan Nikolaev and Lukas Machlica)

 

Malicious hosting detection: the CTA engine can now detect a new type of incident. These incidents manifest as communication with endpoints (domains and IP addresses) associated with malicious hosting activity. The association is not based on the individual connection alone; it is derived from the global behaviour of the host, learned across various data sources (for example, which other domains the same infrastructure has been observed hosting).

 

[Figure: pdns-dga-release-notes.png, screenshot of a malicious hosting incident in CTA]

Example: this incident shows communication with malicious hosting infrastructure. Three domains are labelled as malicious hosting, and two of them resolve to the same IP address. The IP addresses involved also host DGA domains (domains generated algorithmically), which appear in the same incident. The communication takes place over HTTPS, and there are several successful downloads from the labelled domains.
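To make the co-hosting idea behind this incident concrete, here is a small added example (not CTA's code or algorithm, and not taken from the incident above). It works on a handful of constructed passive-DNS records, uses a deliberately crude lexical heuristic (`looks_like_dga`, an assumption standing in for a real DGA classifier) to find algorithmically generated names, profiles each IP by how many of its hosted domains look DGA-like, and then labels every other domain co-hosted on a flagged IP as associated with malicious hosting. The IP addresses, domain names and thresholds are all made up for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed passive-DNS observations (domain, resolved IP). These are
# placeholder values for this example, not data from the CTA incident above.
PDNS_RECORDS = [
    ("xk3q9z7vmw2t.example", "203.0.113.10"),  # DGA-looking
    ("pq8r2n4lz0ys.example", "203.0.113.10"),  # DGA-looking
    ("cdn-files.example",    "203.0.113.10"),  # human-readable, co-hosted
    ("wv5t7hj2kx1c.example", "203.0.113.11"),  # DGA-looking
    ("static.example",       "203.0.113.11"),  # human-readable, co-hosted
    ("zz0q1w2e3r4t.example", "203.0.113.11"),  # DGA-looking
    ("update.example",       "203.0.113.11"),  # human-readable, co-hosted
    ("shop.example",         "198.51.100.5"),  # ordinary hosting
    ("mail.example",         "198.51.100.5"),  # ordinary hosting
]


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    n = len(s)
    counts = Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_dga(domain, entropy_threshold=3.2, min_len=10, max_vowel_ratio=0.3):
    """Toy lexical heuristic for algorithmically generated names (an assumption,
    not how CTA classifies DGA domains): long, high-entropy, vowel-poor first label."""
    label = domain.split(".")[0]
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= entropy_threshold and vowel_ratio <= max_vowel_ratio


def hosting_profile(records):
    """Group resolutions by IP and measure how much of each IP's hosting looks DGA-driven."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(domain)
    profile = {}
    for ip, domains in by_ip.items():
        dga = {d for d in domains if looks_like_dga(d)}
        profile[ip] = {"domains": domains, "dga": dga, "dga_ratio": len(dga) / len(domains)}
    return profile


def malicious_hosting_ips(profile, min_dga=2, min_ratio=0.5):
    """Flag an IP as malicious hosting only when it hosts several DGA-looking domains
    AND they make up a large share of what it hosts. The ratio guard is what keeps a
    busy shared-hosting or CDN address with one stray bad tenant from being flagged."""
    return {ip for ip, p in profile.items()
            if len(p["dga"]) >= min_dga and p["dga_ratio"] >= min_ratio}


def label_domains(records):
    """Return {domain: label} with label in {'dga', 'malicious-hosting', 'benign'}.
    A readable domain becomes 'malicious-hosting' if ANY of its IPs is flagged,
    mirroring the association-by-infrastructure described on this page."""
    profile = hosting_profile(records)
    bad_ips = malicious_hosting_ips(profile)
    ips_of = defaultdict(set)
    for domain, ip in records:
        ips_of[domain].add(ip)
    labels = {}
    for domain, ips in ips_of.items():
        if looks_like_dga(domain):
            labels[domain] = "dga"
        elif ips & bad_ips:
            labels[domain] = "malicious-hosting"
        else:
            labels[domain] = "benign"
    return labels


if __name__ == "__main__":
    prof = hosting_profile(PDNS_RECORDS)
    print("flagged IPs:", sorted(malicious_hosting_ips(prof)))
    for domain, label in sorted(label_domains(PDNS_RECORDS).items()):
        print(f"{domain:24s} {label}")
```

On the constructed data both 203.0.113.x addresses are flagged (two DGA-looking names each, ratio 0.5 or higher), so `cdn-files.example`, `static.example` and `update.example` come out as malicious hosting purely because of what else their IPs serve, while the 198.51.100.5 tenants stay benign. A production detector would replace the lexical heuristic with a real DGA classifier and would learn the per-IP behaviour over many more signals than passive DNS, which is the point of the "global behaviour of the host" wording above; the shared-infrastructure caveat, however, applies regardless of how good the classifier is, and the thresholds in `malicious_hosting_ips` are where that trade-off is made.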