
Suspicious HTTP GET request requiring investigation

ID: http_get_suspicious
Data type: HTTP
Severity: Medium - High
MITRE ATT&CK: TA0011:T1071.001

Description

AlphaSOC detected a suspicious HTTP GET request that may indicate ongoing communication with a command and control (C2) server, data exfiltration, or a malware download attempt. The destination may have suspicious properties or a low reputation. Adversaries may use HTTP requests to blend malicious activity with legitimate traffic, making it harder to detect.

Impact

Suspicious HTTP traffic can cause users to inadvertently download malware, share sensitive information, or grant unauthorized access to their devices, which may result in financial loss, data breaches, or the system becoming part of a botnet.

Severity

Severity   Condition
Medium     Suspicious HTTP GET request
High       HTTP GET request to a known bad destination

Investigation and Remediation

Investigate the destination of the suspicious HTTP GET request and analyze its content. If malicious activity is confirmed, isolate the affected system and terminate the malicious processes.
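As an added example that is not part of AlphaSOC's documentation or product: a small Python triage helper that applies the severity conditions above to constructed proxy log lines and groups the flagged GET requests by source host for the investigation step. The log format, the known-bad list and the heuristics used for "suspicious properties" (raw IP host, non-standard port, base64-like query value) are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (not real traffic): src_ip method URL status
SAMPLE_LOG = """\
10.0.0.5 GET http://updates.example-vendor.test/patch.msi 200
10.0.0.7 GET http://198.51.100.23:8081/gate.php?id=ZGF0YS1leGZpbA 200
10.0.0.9 GET http://bad-c2.test/beacon 404
10.0.0.5 POST http://mail.example-vendor.test/send 200
"""

# Placeholder reputation list; a deployment would feed this from threat intel.
KNOWN_BAD_HOSTS = {"bad-c2.test"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/:]+)(?::(\d+))?(/[^?]*)?(?:\?(.*))?$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
B64_RE = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}$")

def classify(url):
    """Return (severity, reason) for a GET URL, or None when nothing stands out.
    Known bad destination -> High. 'Suspicious properties' are this example's
    assumed heuristics (raw IP host, non-standard port, base64-like query) -> Medium."""
    m = URL_RE.match(url)
    if not m:
        return ("Medium", "unparseable URL")
    host, port, _path, query = m.groups()
    if host.lower() in KNOWN_BAD_HOSTS:
        return ("High", "known bad destination")
    reasons = []
    if IPV4_RE.match(host):
        reasons.append("raw IP host")
    if port and port not in ("80", "443"):
        reasons.append("non-standard port " + port)
    if query and B64_RE.search(query):
        reasons.append("base64-like query value")
    return ("Medium", ", ".join(reasons)) if reasons else None

def triage(log_text):
    """Group flagged GET requests by source host so affected systems can be listed."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "GET":
            continue  # skip malformed lines and non-GET methods
        src, url = m.group(1), m.group(3)
        verdict = classify(url)
        if verdict:
            findings[src].append((url, *verdict))
    return dict(findings)
```

Running triage(SAMPLE_LOG) flags 10.0.0.9 as High (known bad destination) and 10.0.0.7 as Medium (raw IP host, non-standard port, base64-like query), while the vendor update and the POST request are left alone.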