Page 83 - CSEW
The Power of Investigate + AMP Threat Grid
The most complete view of the infrastructure used in attacks

Investigate: intelligence about attacker’s infrastructure
AMP Threat Grid: intelligence about attacker’s payload/file

[Diagram] Labels: 162.17.5.245; suspicious.com; baddomain.com; 173.236.173.144; likelybad.com; request spike; hosted in 22 countries; source & destination IP; HTTP/DNS traffic; creates .exe file in admin directory; modifies registry entry; .doc file modifies WINWORD.exe; other file system activity and artifacts created
© 2016 Engage ESM All Rights Reserved 92