
Network Peer Mechanism

Comprehensive visibility into network communications: every connection is captured and a complete picture of network activity is built, backed by a reputation database of 2+ million domains.

Overview

The system maintains detailed records of all network flows, constructs sophisticated relationship graphs linking processes to connections, preserves complete DNS resolution chains, and analyzes network peer relationships to identify suspicious patterns.

How It Works

Track Network Activity

Jibril monitors all network connections at kernel level:

  • Outbound connections
  • Inbound connections
  • DNS queries and responses
  • Connection metadata (source, destination, ports, protocols)

DNS Resolution Monitoring

Every DNS query is intercepted and analyzed:

  • Domain names requested
  • Resolved IP addresses
  • Response timing
  • Query patterns

Pattern and Contextual Analysis

Network activity is attributed to the originating process:

  • Which process initiated connection
  • Process execution context
  • User identity
  • Process ancestry

Domain Reputation Analysis

Queries are checked against a reputation database containing:

  • 2+ million known malicious domains
  • Command and control servers
  • Malware distribution sites
  • Phishing domains
  • Policy-violating domains
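The four steps above (capture connections, record DNS answers, attribute each connection to its process, check the peer against reputation data) form one pipeline. The following is an added illustration of that pipeline, not Jibril's own code: it replays a constructed stream of DNS and connect events, keeps the resolution chain so a destination IP can be mapped back to the domain that produced it, and emits findings for reputation hits, a simple entropy-based DGA heuristic, plaintext ports and cloud-metadata access. The event shapes, the reputation entries, the port list and the thresholds are all assumptions made for the example.

```python
"""Network peer correlation: DNS answers -> process connections -> reputation.

Added illustration, not Jibril's own code. Event shapes, reputation entries,
the port list and the heuristic thresholds are constructed assumptions.
"""
import math
from collections import Counter
from dataclasses import dataclass

# Constructed stand-in for the reputation database (domain -> category).
REPUTATION = {
    "c2.example-bad.test": "c2",
    "dl.malware-host.test": "malware",
    "login-examp1e.test": "phishing",
}
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}  # unencrypted protocols (assumed list)
CLOUD_METADATA_IP = "169.254.169.254"                     # link-local instance-metadata address


@dataclass
class DnsEvent:
    ts: float
    pid: int
    comm: str
    qname: str
    answers: tuple  # resolved IP addresses


@dataclass
class ConnEvent:
    ts: float
    pid: int
    ppid: int
    uid: int
    comm: str
    dst_ip: str
    dst_port: int


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; long high-entropy labels hint at a DGA."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_like_dga(domain: str, min_len: int = 12, min_entropy: float = 3.5) -> bool:
    """Heuristic on the registrable label (e.g. 'xk3jq9vz2lpw' in 'xk3jq9vz2lpw.test')."""
    labels = domain.rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return len(sld) >= min_len and shannon_entropy(sld) >= min_entropy


class PeerTracker:
    """Keeps the DNS resolution chain and attributes each connection to it."""

    def __init__(self, reputation=REPUTATION, ttl: float = 300.0):
        self.reputation = reputation
        self.ttl = ttl          # how long a DNS answer may explain a later connection
        self.resolved = {}      # dst_ip -> (domain, resolving pid, answer timestamp)
        self.findings = []

    def on_dns(self, ev: DnsEvent) -> None:
        for ip in ev.answers:
            self.resolved[ip] = (ev.qname, ev.pid, ev.ts)
        if looks_like_dga(ev.qname):
            self._flag("dga_domain", ev.pid, ev.comm, ev.qname, None)

    def on_connect(self, ev: ConnEvent) -> None:
        domain = self._domain_for(ev.dst_ip, ev.ts)
        if ev.dst_ip == CLOUD_METADATA_IP:
            self._flag("cloud_metadata_access", ev.pid, ev.comm, domain, ev.dst_ip)
        if ev.dst_port in PLAINTEXT_PORTS:
            self._flag("plaintext_protocol:" + PLAINTEXT_PORTS[ev.dst_port], ev.pid, ev.comm, domain, ev.dst_ip)
        category = self.reputation.get(domain) if domain else None
        if category:
            self._flag("reputation:" + category, ev.pid, ev.comm, domain, ev.dst_ip)

    def _domain_for(self, ip: str, ts: float):
        entry = self.resolved.get(ip)
        if entry and ts - entry[2] <= self.ttl:
            return entry[0]
        return None  # no recent DNS answer explains this address; attribute by IP only

    def _flag(self, kind, pid, comm, domain, ip) -> None:
        self.findings.append({"kind": kind, "pid": pid, "comm": comm, "domain": domain, "ip": ip})


def run_sample():
    """Replays a constructed event stream (addresses from documentation ranges) and returns findings."""
    tracker = PeerTracker()
    events = [
        DnsEvent(1.0, 4242, "curl", "c2.example-bad.test", ("203.0.113.10",)),
        ConnEvent(1.2, 4242, 1, 1000, "curl", "203.0.113.10", 443),
        DnsEvent(2.0, 4300, "python3", "xk3jq9vz2lpw.test", ("203.0.113.20",)),
        ConnEvent(2.1, 4300, 4242, 1000, "python3", "203.0.113.20", 80),
        ConnEvent(3.0, 4301, 1, 0, "wget", CLOUD_METADATA_IP, 80),
        DnsEvent(4.0, 4302, "apt", "deb.example.test", ("198.51.100.5",)),
        ConnEvent(4.1, 4302, 1, 0, "apt", "198.51.100.5", 443),
    ]
    for ev in events:
        (tracker.on_dns if isinstance(ev, DnsEvent) else tracker.on_connect)(ev)
    return tracker.findings


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The resolution map is keyed by IP rather than by (pid, IP) because resolver caches are shared between processes on a host, so the process that issued the query is often not the one that later connects; the connection's own pid is what gets attributed, and the resolving pid is kept alongside for context. A connection whose address no recent DNS answer explains is a signal in its own right and is the first thing to look at when extending the example.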

Use Cases

Detection Capabilities

Threat Intelligence

  • Command & Control servers
  • Malware distribution sites
  • Known phishing domains
  • Threat actor infrastructure

Algorithmic Detection

  • Domain Generation Algorithms (DGA)
  • Recently registered domains
  • Dynamic DNS abuse
  • Suspicious TLDs

Cloud & Infrastructure

  • Cloud metadata access attempts
  • VPN/Proxy service usage
  • Plaintext communication protocols
  • Unencrypted data transmission

Policy Violations

  • Adult content sites
  • Gambling websites
  • Piracy domains
  • Tracking services

Command & Control Detection

  • Malware callbacks
  • Beaconing activity
  • Data exfiltration channels
  • Remote access attempts

Malware Detection

  • Download of malicious payloads
  • Update server connections
  • Lateral movement attempts
  • Propagation traffic

Phishing Protection

  • Known phishing campaigns
  • Credential harvesting sites
  • Impersonation domains
  • Typosquatting attempts

Data Exfiltration Prevention

  • Connections to suspicious destinations
  • Unusual data volumes
  • Non-standard protocols
  • Cloud storage abuse

Compliance Enforcement

  • Block prohibited content
  • Monitor policy violations
  • Audit network access
  • Generate compliance reports

Domain Reputation Database

Coverage

2+ million domains across these categories:

  • Malware infrastructure
  • Phishing campaigns
  • C2 servers
  • DGA domains
  • Policy violations

Updates

The reputation database is maintained and updated from:

  • Threat intelligence feeds
  • Community contributions
  • Automated discovery
  • Manual verification

Categories

Threat Intelligence:

  • Known malicious domains
  • APT infrastructure
  • Malware families
  • Exploit kits

Algorithmic:

  • DGA patterns
  • Fast-flux networks
  • Dynamic DNS
  • Newly registered domains

Policy:

  • Adult content
  • Gambling
  • Piracy
  • Tracking services

Detections