DESCRIPTION NAME: ADRECON QUERY - LDAP(Request)


 Overview

This is a Trend Micro detection for LDAP traffic that exhibits the behavior of a hacking tool; such tools are generally used to crack or bypass system and network security measures. Hacking tools have different capabilities depending on the systems they are designed to penetrate. System administrators and malicious actors may use the same hacking tools in the same way but with different intent: both want to identify possible avenues for intrusion, but system administrators do so to test the security of the system, while malicious actors do so to exploit it.

 Details

Attack Phase: Intelligence Gathering

Protocol: LDAP

Risk Type: OTHERS
(Note: OTHERS can be network connections related to hacking attempts, exploits, connections done by grayware, or suspicious traffic.)

Threat Type: Grayware

Confidence Level: Low

Severity: Medium (Outbound) | Low (Inbound)

DDI Default Rule Status: Enable

APT Related: NO

 Solution

Network Content Inspection Pattern Version: 1.15759.00
Network Content Inspection Pattern Release Date: 09 Aug 2024
Network Content Correlation Pattern Version: 1.15521.00
Network Content Correlation Pattern Release Date: 06 Aug 2024

Immediate Action

  • If the host exhibiting this kind of network behavior is within the internal network, change all passwords of the host and ensure the use of strong passwords. Strong passwords should contain upper case letters, lower case letters, digits, punctuation marks, and other symbols.
  • Remove any unrecognizable files, software, or services.
  • Update your Trend Micro products and pattern files to the latest version.
  • Scan the host for possible malware and clean any detected items.

Secondary Action

If scanning fails to detect a malware infection:

  1. If possible, disconnect the host from the network to prevent any further communication or malicious activities the malware may attempt.
  2. Run RootkitBuster to check through hidden files, registry entries, processes, drivers, and hooked system services.
  3. Use the Anti-Threat Toolkit (ATTK) tools to collect undetected malware information.
  4. Identify and clean threats with Rescue Disk, specific to suspected threats that are persistent or difficult-to-clean. Rescue Disk allows you to use a CD, DVD, or USB drive to examine your computer without launching Microsoft Windows.
  5. If the host exhibiting this kind of network behavior is in the external network, ensure the following to prevent risk of attacks:
    • Systems are not in default configuration
    • Firewall is enabled
    • Change all passwords of the host and ensure the use of strong passwords. Strong passwords should contain upper case letters, lower case letters, digits, punctuation marks, and other symbols.
    • Firmware of devices, routers, and other hardware is up to date, and hosts and other systems visible to the external network have their browsers, plugins, and operating systems fully updated with the latest patches.
