Thread detection classification

Backdoor: resource compromised and capable of contacting source home Behavior: activity that differs from established baseline Cryptocurrency: detected software associated with cryptocurrencies Pentest: activity detected similar to that generated by known penetration testing tools Persistence: established a presence in the environment Recon: attack scoping vulnerabilities by probing ports, listening, using database tables, etc. Resource consumption:…