Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Potentially Exploited Findings

Ingrid

⇤ Compromised Systems Findings

The Potentially Exploited risk vector indicates that a device on a company’s network is running a potentially unwanted program (PUP) or potentially unwanted application (PUA).

SPM App: Findings ➔ Findings Table

CM App:

  1. Select a company from your Companies List.
  2. Go to Vendor Risk ➔ Findings

Insurance App:

  1. Select a company from your Companies List.
  2. Go to Client Risk ➔ Findings

Bitsight API: GET /v1/companies/entity_guid/findings?risk_vector=potentially_exploited

Finding Details

*Availability varies based on the detection mechanism.

The details include the data in Findings, Compromised Systems details, and also the following information:

Field Description
Details An overview of the finding.
Duration The duration of the finding.
Infection The name of the PUP or PUA.
Remediation Instructions Instructions and resources to remediate the finding.
Risks Possible risks.
Targeted Platform The type of operating system (OS) that was targeted by the infection.
User Agent The user’s browser details. Malware can use the HTTP header to transmit information about itself or the compromised system to C&C servers.

Forensics

The following details are also included with the Forensics add-on package:

Field Description
C&C IP The destination IP address.
Destination Port The port identified as the destination of traffic coming from the affected device.
Detection Mechanism The method used to detect the finding.
GeoIP Location The geographical location where the involved IP address resides.
Observed Behavior The type of behavior that indicated that the device was compromised.
Observation Count The number of times the potentially exploited system was observed during a 24-hour period, between midnight UTC one day and midnight UTC the next day.
Potentially Exploited Shows the type or name of the detected unwanted application.
Request Method The HTTP request method (GET, POST, etc) used by the compromised device to communicate with its C&C server.
Server Name* The domain name of the server, which is a known C&C server, sinkhole, or adware host. A device was observed connecting to this server.
Source Port The port identified as the source of traffic from a compromised device.
User Agent The user’s browser details. Malware can use the HTTP header to transmit information about itself or the compromised system to C&C servers.

Filters

The following filters are available:

Field Description
Admogo An Android app that displays advertisements and may steal the user’s personal information.
CrossRider A piece of malware created using the CrossRider browser extension tool.
Grayware A potentially unwanted application that may be indicative of weak security practices or other compromises.
Mobile Spy Tracks mobile usage behavior and sends reports to a server.
Port Scanner A botnet is scanning the Internet looking for new devices to infect.
Techsnab Malicious adware designed to trick users into engaging in click fraud.
  • October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
  • January 19, 2024: Findings Table navigation by application.
  • May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.

Related articles

Feedback

0 comments

Please sign in to leave a comment.