
Traffic to a TDS mechanism requiring investigation

ID: tds_traffic
Data type: DNS, HTTP
Severity: Medium
MITRE ATT&CK: TA0011 (Command and Control), T1071.001 (Application Layer Protocol: Web Protocols)

Description

AlphaSOC detected traffic to a known Traffic Distribution System (TDS). A TDS is a redirection service operated or rented by criminals: it receives visitors (typically from malvertising or from compromised legitimate sites), fingerprints each request against criteria such as source country, browser and operating system, referrer, and whether the client looks like a security scanner or crawler, and then forwards the visitor to a landing page selected for that profile. The landing page may deliver malware, a phishing page, or a scam, and TDS infrastructure is commonly used to feed exploit kits and drive-by downloads.

Impact

TDS traffic may indicate an active malware distribution campaign targeting hosts on your network. The host that contacted the TDS may not yet be infected (a single redirect can result from an ad or a compromised site), but if the traffic is left unaddressed it can result in malware being downloaded and executed on that host.

Severity

Severity  Condition
Medium    Traffic to a TDS mechanism requiring investigation

Investigation and Remediation

Analyze DNS and HTTP logs to identify which internal hosts contacted the TDS destination and when the first contact occurred. Check what happened next on each host: whether the TDS request was followed by a redirect to another domain, a download of an executable or archive, or new outbound connections that could be command and control. Identify the initial vector by examining the referrer that led to the TDS, recent file downloads, and email attachments. Isolate hosts that show follow-on downloads or execution to prevent further spread or data exfiltration, remove the malicious software, and block the TDS destination together with any landing page and payload hosts observed in the redirect chain.
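The triage described above, as an added example (this is illustrative code, not AlphaSOC's own tooling). It takes DNS and HTTP proxy log lines together with the TDS destination(s) reported in the alert, groups the TDS contacts by source host, finds suspicious downloads each host made in the minutes after its first TDS contact, and collects the hostnames to block. The log lines, their field layout, and the TDS domain names are all constructed for illustration; the hypothetical `SUSPECT_CTYPES` and `SUSPECT_EXT` lists are a starting point, not a complete definition of a payload fetch.

```python
"""Triage helper for a tds_traffic alert (added example, not AlphaSOC code)."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed indicator list; in practice use the destination(s) named in the alert.
TDS_DOMAINS = {"redirector.example.invalid", "tds-gate.example.invalid"}

# Constructed log lines. DNS fields: ts src qname rtype answer.
DNS_LOG = """\
2024-05-01T09:14:02Z 10.0.5.23 redirector.example.invalid A 203.0.113.10
2024-05-01T09:14:05Z 10.0.5.23 cdn.legit.example A 198.51.100.7
2024-05-01T09:20:41Z 10.0.7.81 tds-gate.example.invalid A 203.0.113.11
"""
# Constructed log lines. HTTP fields: ts src method url status content-type.
HTTP_LOG = """\
2024-05-01T09:14:03Z 10.0.5.23 GET http://redirector.example.invalid/go?c=42 302 text/html
2024-05-01T09:14:04Z 10.0.5.23 GET http://payload.example.invalid/update.exe 200 application/octet-stream
2024-05-01T09:20:42Z 10.0.7.81 GET http://tds-gate.example.invalid/land 200 text/html
2024-05-01T09:25:00Z 10.0.9.5 GET http://news.example/index.html 200 text/html
"""

# Hypothetical heuristics for "this response looks like a payload".
SUSPECT_CTYPES = {"application/octet-stream", "application/x-msdownload",
                  "application/x-dosexec", "application/zip"}
SUSPECT_EXT = (".exe", ".dll", ".msi", ".js", ".hta", ".zip", ".iso")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_dns(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname, rtype, answer = line.split()
        events.append({"ts": _ts(ts), "src": src, "kind": "dns",
                       "host": qname.lower().rstrip("."), "detail": f"{rtype} {answer}"})
    return events


def parse_http(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, url, status, ctype = line.split()
        events.append({"ts": _ts(ts), "src": src, "kind": "http",
                       "host": (urlsplit(url).hostname or "").lower(), "url": url,
                       "status": int(status), "ctype": ctype,
                       "detail": f"{method} {url} {status} {ctype}"})
    return events


def is_tds(host, tds_domains=TDS_DOMAINS):
    # Match the indicator itself and any subdomain of it, but not look-alike suffixes.
    return any(host == d or host.endswith("." + d) for d in tds_domains)


def tds_hits(dns_text, http_text, tds_domains=TDS_DOMAINS):
    """Map each source host to its TDS contacts (DNS and HTTP), earliest first."""
    by_src = defaultdict(list)
    for ev in parse_dns(dns_text) + parse_http(http_text):
        if is_tds(ev["host"], tds_domains):
            by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return dict(by_src)


def follow_on_downloads(http_text, hits, window=timedelta(minutes=5)):
    """Payload-looking requests a host made to non-TDS hosts shortly after its first TDS contact."""
    tds_hosts = {e["host"] for evs in hits.values() for e in evs}
    start = {src: evs[0]["ts"] for src, evs in hits.items()}
    result = {src: [] for src in hits}
    for ev in parse_http(http_text):
        src = ev["src"]
        if src not in start or ev["host"] in tds_hosts:
            continue
        if not (start[src] <= ev["ts"] <= start[src] + window):
            continue
        path = urlsplit(ev["url"]).path.lower()
        if ev["ctype"] in SUSPECT_CTYPES or path.endswith(SUSPECT_EXT):
            result[src].append(ev["url"])
    return result


def destinations_to_block(hits, downloads):
    """TDS hosts plus every payload host seen in the redirect chain."""
    hosts = {e["host"] for evs in hits.values() for e in evs}
    hosts.update(urlsplit(u).hostname for urls in downloads.values() for u in urls)
    return hosts


if __name__ == "__main__":
    hits = tds_hits(DNS_LOG, HTTP_LOG)
    dl = follow_on_downloads(HTTP_LOG, hits)
    for src, evs in hits.items():
        print(f"{src}: first TDS contact {evs[0]['ts']:%Y-%m-%d %H:%M:%S}, {len(evs)} event(s)")
        for e in evs:
            print("    ", e["kind"], e["detail"])
        for u in dl[src]:
            print("     follow-on download:", u)
    print("block:", sorted(destinations_to_block(hits, dl)))
```

Hosts with entries in the follow-on download list are the isolation candidates; hosts that only resolved or fetched the TDS page were probably redirected but may have been filtered out by the TDS before delivery and still deserve a check of their browser history and referrer. Match on the full hostname or a subdomain of the indicator, as `is_tds` does, rather than on a substring, so that look-alike domains are not wrongly attributed.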