Home >
ICS >
Participants >
Claroty >
Commonly Used Port (T0885)
|
|
Criteria
Evidence of an established network connection over TCP port 3389 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) as RDP.
Criteria
Evidence of an established network connection over TCP port 3389 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via the "mstsc.exe" process as RDP. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 3389 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via the "mstsc.exe" process. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via the "sftp-server.exe" process. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 3389 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via the "mstsc.exe" process as RDP. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 3389 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) as RDP.
Criteria
Evidence of an established network connection over TCP port 3389 between the control EWS(10.0.100.20) and the safety EWS (10.0.100.15) via the "mstsc.exe" process as RDP. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) via "scp". Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via the "sftp-server.exe" process. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) tunneling SFTP.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) to transfer "Install_GuardLogix.zip" over scp.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) via "scp". Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) as SSH.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) tunneling SSH.
Criteria
Evidence of an established network connection over TCP port 445 between the adversary machine (10.0.100.1) and the control EWS (10.0.100.20) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) as SSH.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) as SSH.
Criteria
Evidence of an established network connection over TCP port 2223 between the control EWS (10.0.100.20) and the safety EWS (10.0.100.15) via "csp.exe"[SSHD]. Successful logon as user "Engineer" may be present or as a part of the connection and process creation.