# Potentially Exploited Findings

The Potentially Exploited risk vector indicates that a device on a company's network is running a potentially unwanted program (PUP) or potentially unwanted application (PUA).

## Navigation Options

- SPM App: Findings ➔ Findings Table
- CM App: Select a company from your Companies List. Go to Vendor Risk ➔ Findings
- Insurance App: Select a company from your Companies List. Go to Client Risk ➔ Findings
- Bitsight API: `GET /v1/companies/entity_guid/findings?risk_vector=potentially_exploited`

## Finding Details

\* Availability varies based on the detection mechanism.

The details include the data in Findings, Compromised Systems details, and also the following information:

| Field | Description |
| --- | --- |
| Details | An overview of the finding. |
| Duration | The duration of the finding. |
| Infection | The name of the PUP or PUA. |
| Remediation Instructions | Instructions and resources to remediate the finding. |
| Risks | Possible risks. |
| Targeted Platform | The type of operating system (OS) that was targeted by the infection. |
| User Agent | The user's browser details. Malware can use the HTTP header to transmit information about itself or the compromised system to C&C servers. |

### Forensics

The following details are also included with the Forensics add-on package:

| Field | Description |
| --- | --- |
| C&C IP | The destination IP address. |
| Destination Port | The port identified as the destination of traffic coming from the affected device. |
| Detection Mechanism | The method used to detect the finding. |
| GeoIP Location | The geographical location where the involved IP address resides. |
| Observed Behavior | The type of behavior that indicated that the device was compromised. |
| Observation Count | The number of times the potentially exploited system was observed during a 24-hour period, between midnight UTC one day and midnight UTC the next day. |
| Potentially Exploited | Shows the type or name of the detected unwanted application. |
| Request Method | The HTTP request method (GET, POST, etc.) used by the compromised device to communicate with its C&C server. |
| Server Name\* | The domain name of the server, which is a known C&C server, sinkhole, or adware host. A device was observed connecting to this server. |
| Source Port | The port identified as the source of traffic from a compromised device. |
| User Agent | The user's browser details. Malware can use the HTTP header to transmit information about itself or the compromised system to C&C servers. |

## Filters

The following filters are available:

| Field | Description |
| --- | --- |
| Admogo | An Android app that displays advertisements and may steal the user's personal information. |
| CrossRider | A piece of malware created using the CrossRider browser extension tool. |
| Grayware | A potentially unwanted application that may be indicative of weak security practices or other compromises. |
| Mobile Spy | Tracks mobile usage behavior and sends reports to a server. |
| Port Scanner | A botnet is scanning the Internet looking for new devices to infect. |
| Techsnab | Malicious adware designed to trick users into engaging in click fraud. |

- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- January 19, 2024: Findings Table navigation by application.
- May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.

## Related articles

- Potentially Exploited Risk Vector
- Potentially Exploited Finding Considerations
- Compromised System Findings
- How is the Unsolicited Communications Risk Vector Observed?
- GET: Potentially Exploited Finding Details
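The following script is an added example of how a security team might pull the Potentially Exploited findings through the API endpoint listed under Navigation Options and triage them with the Duration, Infection and Observation Count fields described above. It is not Bitsight's own code. The base URL, the Basic-auth convention (API token as username, empty password), the `results`/`links.next` pagination shape and the per-finding field names in `details` (`infection`, `observation_count`, `cc_ip`, `destination_port`, `detection_mechanism`, `server_name`) are assumptions for illustration and must be checked against the live API response; the sample payload is constructed so the triage logic runs offline.

```python
"""Triage helper for Bitsight "Potentially Exploited" findings (added example).

Assumptions (not confirmed by the article): base URL, Basic-auth token convention,
"results"/"links.next" pagination, and the field names inside "details".
"""
import base64
import json
import urllib.request
from collections import defaultdict
from datetime import date

BASE_URL = "https://api.bitsighttech.com"  # assumed API base URL


def findings_url(entity_guid: str, base_url: str = BASE_URL) -> str:
    """Build the endpoint from the article: /v1/companies/<guid>/findings?risk_vector=potentially_exploited"""
    return f"{base_url}/v1/companies/{entity_guid}/findings?risk_vector=potentially_exploited"


def fetch_findings(entity_guid: str, api_token: str) -> list:
    """Walk every page of findings (network call; not exercised offline).
    Assumes Basic auth with the token as username and an empty password."""
    creds = base64.b64encode(f"{api_token}:".encode()).decode()
    headers = {"Authorization": f"Basic {creds}", "Accept": "application/json"}
    url, results = findings_url(entity_guid), []
    while url:
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        results.extend(page.get("results", []))
        url = (page.get("links") or {}).get("next")  # assumed pagination key
    return results


# Constructed sample response; "details" keys are assumed names for the article's fields.
SAMPLE_RESPONSE = {
    "count": 5,
    "links": {"next": None},
    "results": [
        {"risk_vector": "potentially_exploited", "first_seen": "2024-05-01", "last_seen": "2024-05-03",
         "details": {"infection": "Grayware", "observation_count": 14, "cc_ip": "203.0.113.10",
                     "destination_port": 80, "detection_mechanism": "sinkhole",
                     "server_name": "constructed-sinkhole.example"}},
        {"risk_vector": "potentially_exploited", "first_seen": "2024-05-02", "last_seen": "2024-05-03",
         "details": {"infection": "Grayware", "observation_count": 3, "cc_ip": "203.0.113.11",
                     "destination_port": 443, "detection_mechanism": "sinkhole"}},
        {"risk_vector": "potentially_exploited", "first_seen": "2024-04-20", "last_seen": "2024-05-03",
         "details": {"infection": "Techsnab", "observation_count": 40, "cc_ip": "198.51.100.5",
                     "destination_port": 80, "detection_mechanism": "adware host"}},
        {"risk_vector": "potentially_exploited", "first_seen": "2024-05-03", "last_seen": "2024-05-03",
         "details": {"infection": "Port Scanner", "observation_count": 7, "cc_ip": "192.0.2.77",
                     "destination_port": 22, "detection_mechanism": "scan telemetry"}},
        # A finding from another risk vector, kept to show the client-side guard.
        {"risk_vector": "botnet_infections", "first_seen": "2024-05-03", "last_seen": "2024-05-03",
         "details": {"infection": "Other", "observation_count": 99}},
    ],
}


def _days_active(first_seen: str, last_seen: str) -> int:
    """Inclusive day span between first and last observation (the article's Duration)."""
    return (date.fromisoformat(last_seen) - date.fromisoformat(first_seen)).days + 1


def normalize(finding: dict) -> dict:
    """Flatten one finding into the fields a responder triages on."""
    d = finding.get("details", {})
    return {
        "infection": d.get("infection", "unknown"),
        "observations": int(d.get("observation_count", 0)),  # per 24h UTC window
        "cc_ip": d.get("cc_ip"),
        "port": d.get("destination_port"),
        "detection": d.get("detection_mechanism"),
        "days_active": _days_active(finding["first_seen"], finding["last_seen"]),
    }


def normalize_all(response: dict) -> list:
    """Keep only Potentially Exploited findings, even if the server returned others."""
    return [normalize(f) for f in response.get("results", [])
            if f.get("risk_vector") == "potentially_exploited"]


def summarize_by_infection(findings: list) -> dict:
    """Count affected devices and total observations per PUP/PUA name."""
    summary = defaultdict(lambda: {"devices": 0, "observations": 0})
    for f in findings:
        summary[f["infection"]]["devices"] += 1
        summary[f["infection"]]["observations"] += f["observations"]
    return dict(summary)


def prioritize(findings: list, min_observations: int = 10) -> list:
    """Findings at or above the observation threshold, busiest and longest-lived first."""
    hot = [f for f in findings if f["observations"] >= min_observations]
    return sorted(hot, key=lambda f: (f["observations"], f["days_active"]), reverse=True)


if __name__ == "__main__":
    rows = normalize_all(SAMPLE_RESPONSE)
    print(json.dumps(summarize_by_infection(rows), indent=2))
    for f in prioritize(rows):
        print(f"{f['infection']:<14} obs={f['observations']:<4} days={f['days_active']:<3} "
              f"-> {f['cc_ip']}:{f['port']} via {f['detection']}")
```

Run it as-is to see the summary and the prioritized list for the constructed data; to use it against the API, call `fetch_findings(entity_guid, api_token)` and pass `{"results": ...}` to `normalize_all`, after confirming the field names against the GET: Potentially Exploited Finding Details article. Sorting by observation count and then duration surfaces the devices that are both chatty and long-lived, which is usually where remediation effort pays off first.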