Table 8 Error analysis

From: TriCTI: an actionable cyber threat intelligence discovery system via trigger-enhanced neural network

| Reasons | Examples | Analysis |
|---|---|---|
| Multi-label | a. b14d8faf7f0cbcfad051cefe5f39645f - dispci.exe installs the bootlocker, communicates with the driver | Two kinds of label conflict: Installation and Command and Control |
| | b. Via an associated C2 IP address 108.61.214.194, we found an equivalent page on the phishing domain www.battllestategames.com | Two kinds of label conflict: Command and Control and Delivery |
| Incorrect association of IOCs with the campaign stages | c. We observed the sample in the sandbox launched a DDoS attack against 185.63.190.95 around 2017-04-23 21:45:00 | 185.63.190.95 is the IP address of the victim |
| | d. A typical representative of this malware family is an obfuscated Java script using ADODB.Stream technology to download and run DLL, EXE and PDF files | ADODB.Stream is not a domain address |