
P2P activity

ID: p2p_activity
Data type: DNS, IP, HTTP
Severity: Medium
MITRE ATT&CK: TA0010:T1048

Description

AlphaSOC detected a connection to a known Peer-to-Peer (P2P) destination, such as a BitTorrent tracker. P2P networks allow devices to communicate directly with each other without a central server.

Impact

Threat actors may use P2P networks for malicious activities such as malware distribution, C2 communication, and botnet participation. These connections can degrade network performance, expose sensitive data, and increase legal liabilities due to the potential sharing of copyrighted or illegal content.

Severity

Severity    Condition
Medium      Traffic to a P2P destination

Investigation and Remediation

Investigate the destination of the P2P connection to determine if it's authorized. Review logs and network traffic for suspicious activity related to the detected P2P communication. If unauthorized activity is confirmed, isolate the affected system, terminate the P2P connection, and perform a malware scan.

Known False Positives

  • Legitimate use of P2P software for authorized file sharing or collaboration purposes
  • Video conferencing or VoIP applications may use P2P protocols
  • Content delivery networks (CDNs) or software update mechanisms may use P2P protocols
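The investigation step above (check whether the destination is authorized, then review DNS and HTTP logs for the P2P communication) and the false-positive list can be turned into a small triage script. The following is an added example, not AlphaSOC's detection code: it parses a few constructed DNS/HTTP log lines, matches destinations against a constructed list of P2P indicator patterns, suppresses hosts on a constructed allowlist that covers the legitimate cases listed above (update CDNs, VoIP), and emits alerts carrying this detection's ID, severity and MITRE mapping. The hostnames, log format and indicator patterns are all assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed P2P destination indicators (hypothetical; not AlphaSOC's list).
P2P_HOST_PATTERNS = [
    re.compile(r"(^|\.)tracker\.example-torrent\.test$"),
    re.compile(r"(^|\.)announce\.example-p2p\.test$"),
]
# BitTorrent HTTP trackers serve /announce and /scrape; flag tracker-style
# requests even when the host is not yet on the indicator list.
P2P_URI_PATTERNS = [re.compile(r"^/(announce|scrape)(\?|$)")]

# Constructed allowlist of authorized P2P-style traffic (the "Known False
# Positives" cases: software update CDNs, video conferencing / VoIP).
AUTHORIZED_HOSTS = {"updates.vendor-cdn.test", "meet.voip-vendor.test"}


@dataclass
class Alert:
    alert_id: str
    severity: str
    mitre: str
    src: str
    dest: str
    reason: str


# Assumed log format: "<timestamp> <dns|http> <src_ip> <dest_host> [<uri>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<type>dns|http) (?P<src>\S+) (?P<dest>\S+)(?: (?P<uri>\S+))?$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed log line, else None."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec):
    """Apply the p2p_activity logic to one parsed record.

    Allowlisted (authorized) destinations are suppressed first so that the
    known false positives never reach an analyst.
    """
    host = rec["dest"].lower()
    if host in AUTHORIZED_HOSTS:
        return None
    for pat in P2P_HOST_PATTERNS:
        if pat.search(host):
            return Alert("p2p_activity", "Medium", "TA0010:T1048",
                         rec["src"], host, "known P2P destination")
    if rec["type"] == "http" and rec.get("uri"):
        for pat in P2P_URI_PATTERNS:
            if pat.match(rec["uri"]):
                return Alert("p2p_activity", "Medium", "TA0010:T1048",
                             rec["src"], host,
                             "tracker-style announce/scrape request")
    return None


def run(lines):
    """Parse and classify every line; return the list of alerts raised."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the triage run
        alert = classify(rec)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log lines for a stand-alone run.
SAMPLE_LOGS = [
    "2024-01-01T10:00:00Z dns 10.0.0.5 tracker.example-torrent.test",
    "2024-01-01T10:00:01Z http 10.0.0.5 tracker.example-torrent.test /announce?info_hash=abc",
    "2024-01-01T10:00:02Z http 10.0.0.7 updates.vendor-cdn.test /announce?peer_id=1",
    "2024-01-01T10:00:03Z dns 10.0.0.9 www.example.test",
    "2024-01-01T10:00:04Z http 10.0.0.9 cdn.other.test /scrape",
]

if __name__ == "__main__":
    for a in run(SAMPLE_LOGS):
        print(f"[{a.severity}] {a.alert_id} {a.mitre} {a.src} -> {a.dest}: {a.reason}")
```

Running the block raises three alerts: two for the listed tracker host (its DNS lookup and its HTTP announce) and one for the unlisted host receiving a /scrape request, while the allowlisted update CDN is suppressed even though its request path looks tracker-like. In a real deployment the allowlist is the artifact of the "determine if it's authorized" step and should be reviewed whenever a new P2P-capable application is approved.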