Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
2 Hours |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
Multiple suspicious FTP sessions were detected, which may indicate a brute-force attempt.
Attacker's Goals
Attackers may seek access to FTP accounts and use them to exfiltrate data, stage attack tools, or create command and control channels through trusted services.
Investigative actions
- Examine the legitimacy of the application that produced this uncommon FTP connection.
- Examine the parent process of this application.
- Verify that the connection attempts were not performed from an illegitimate source.