Documents
Treasure Map Presentation
Sep. 14, 2014
-- :2 r=~t -- ?r
If?. ?In?
ll?t
Bad guys are everywhere,
good guys are somewhere!
Threat Operations Center (NTOC)
NTOC Technology Development
-- :2 r=~t -- ?r
If?. ?In?
ll?t
Bad guys are everywhere,
good guys are somewhere!
Threat Operations Center (NTOC)
NTOC Technology Development
TSHSIHREL TD USA. F'v'E?r"
(U) NTOC
- Operates under both SIGINT and
Information Assurance authorities
Leverage SIGINT, IA, OSINT
- (UIIFOUO) Coordinates Integrated Cyber Operations
V2: Analysis
V3: Operations
V4: Technology Development Support
- V45: Technologyr Development Division
TSHSIHREL TD USA. F'v'E?r"
(U) NTOC
- Operates under both SIGINT and
Information Assurance authorities
Leverage SIGINT, IA, OSINT
- (UIIFOUO) Coordinates Integrated Cyber Operations
V2: Analysis
V3: Operations
V4: Technology Development Support
- V45: Technologyr Development Division
TSHSIHFQEL TD USA.
(U) V45 - Projects
TREASUREMAP
Massive Internet mapping, exploration, and
analysis engine
- PACKAGEDGOODS
Globally dispersed traceroute generators
- (U) Other Projects
TSJISWREL TD USA,
TSHSIHFQEL TD USA.
(U) V45 - Projects
TREASUREMAP
Massive Internet mapping, exploration, and
analysis engine
- PACKAGEDGOODS
Globally dispersed traceroute generators
- (U) Other Projects
TSJISWREL TD USA,
TSHSIHFEEL TD USA. F'v'E?t'
(U) What is
ran
(UHFOUO) Capability for building a near real-time, interactive
map of the global internet.
Map the entire Internet Any device*, anywhere, all the time
(UHFOUO) We enable a wide range of missions:
Cyber Situational Awareness your own network plus adversaries?
- Common Operation Pictures (COP)
- Computer Anackaxploit Planning Proparation of the Environment
- Network Reconnaissance
- Measures of Effectiveness (MOE)
limited only by available data)
w_
TEJJEWHEL TD USA, F'Iul'E?i"
TSHSIHFEEL TD USA. F'v'E?t'
(U) What is
ran
(UHFOUO) Capability for building a near real-time, interactive
map of the global internet.
Map the entire Internet Any device*, anywhere, all the time
(UHFOUO) We enable a wide range of missions:
Cyber Situational Awareness your own network plus adversaries?
- Common Operation Pictures (COP)
- Computer Anackaxploit Planning Proparation of the Environment
- Network Reconnaissance
- Measures of Effectiveness (MOE)
limited only by available data)
w_
TEJJEWHEL TD USA, F'Iul'E?i"
TSHSIHFEEL TD USA.
(U) TREASUREMAP
- Continual generation of global Internet
map, and (limited)
- Focus on logical layers (router and
autonomous system), but touches physical, data
link, and application layers
- (U) Its Huge.
5 TEHSWREL USA.
TSHSIHFEEL TD USA.
(U) TREASUREMAP
- Continual generation of global Internet
map, and (limited)
- Focus on logical layers (router and
autonomous system), but touches physical, data
link, and application layers
- (U) Its Huge.
5 TEHSWREL USA.
TSHSIHREL TD USA, F?y'E?r?
(U) TREASUREMAP as an Enabler
1?1"
I.
Persona Layer
Cyoer Persona Layer
Physical Network Layer
Geographical Layer
Dur
mission
TSHSIHREL TD USA, F?y'E?r?
(U) TREASUREMAP as an Enabler
1?1"
I.
Persona Layer
Cyoer Persona Layer
Physical Network Layer
Geographical Layer
Dur
mission
TSHSIHREL TD USA.
(U) Current State
(UHFOUO) Data Sources
Open Source intelligence Academic
Commercially Acquired
SIGINT
Information Assurance
(UHFOUO) Available on multiple networks to many user groups
5-Eyes partners
JWICS users - USG IC
USG IC lDoD TREASUREMAP-SIPR
(U) Nevv capabilities delivered every 90 days
(U) 30+ Gigabytes of additional data added and replaced per day
OSINT Open Source Publicly available Internet Meta-Data)
TEHSWREL TD USA, F'v'E?r'
TSHSIHREL TD USA.
(U) Current State
(UHFOUO) Data Sources
Open Source intelligence Academic
Commercially Acquired
SIGINT
Information Assurance
(UHFOUO) Available on multiple networks to many user groups
5-Eyes partners
JWICS users - USG IC
USG IC lDoD TREASUREMAP-SIPR
(U) Nevv capabilities delivered every 90 days
(U) 30+ Gigabytes of additional data added and replaced per day
OSINT Open Source Publicly available Internet Meta-Data)
TEHSWREL TD USA, F'v'E?r'
TSHSIHREL TD LISA,
J?il?E Peril:
(U) Data Sources
Feed the Machine
TSHSIHREL TD LISA,
J?il?E Peril:
(U) Data Sources
Feed the Machine
TSHSIHFEEL TD USA. FVET
OSINT, Commercial Academich
Plci. ?In. nah(UIIFOUO) BGP
Gives the 300,000 foot trietmr of the Internet
Defines routing across Autonomous Systems (AS)
Origination of IP address spaces (Prefixes) to AS
How the Internet gets knowledge of itself (IP address space)
Commericaly purchased Data Sources
Akamai, SOCIALSTAMP, SEASIDEFERRY
Open Source
Public BGP, IXP (RIPE), APNIC, ROUTEVIEWS, CERNET
TD
TSHSIHFEEL TD USA. FVET
OSINT, Commercial Academich
Plci. ?In. nah(UIIFOUO) BGP
Gives the 300,000 foot trietmr of the Internet
Defines routing across Autonomous Systems (AS)
Origination of IP address spaces (Prefixes) to AS
How the Internet gets knowledge of itself (IP address space)
Commericaly purchased Data Sources
Akamai, SOCIALSTAMP, SEASIDEFERRY
Open Source
Public BGP, IXP (RIPE), APNIC, ROUTEVIEWS, CERNET
TD
TSHSIHFEEL TD USA.
-. 1- l?
(U) OSINT, Commercial Academicwmn
- (UHFOUO) Traceroutes
Router ?to- router links to targeted IP addresses
Creates links between networking devices (routers)
TM ingests approx. ~16?18 million traceroutes daily
Gives the 300 foot View, router-to-router infrastructure
Data Sources
ARK Archipelago Project
PACKAGEDGOODS
SOCIALSTAMP
- RUSTICBAGGAGE
User Input
w?
TENSWHEL TD USA.
TSHSIHFEEL TD USA.
-. 1- l?
(U) OSINT, Commercial Academicwmn
- (UHFOUO) Traceroutes
Router ?to- router links to targeted IP addresses
Creates links between networking devices (routers)
TM ingests approx. ~16?18 million traceroutes daily
Gives the 300 foot View, router-to-router infrastructure
Data Sources
ARK Archipelago Project
PACKAGEDGOODS
SOCIALSTAMP
- RUSTICBAGGAGE
User Input
w?
TENSWHEL TD USA.
TSHSIHREL TD USA.
AcademicIPi?ar?r? remap
- (U) Registries - Information on netblock and AS ownership
- (U) DNS - IP address to domain name matching
- (U) Operating System (OS) Fingerprints
Software and Operating System characteristics of networked
devices
~30-50 million unique IP addresses represented per day
TSHSIHREL TD USA.
AcademicIPi?ar?r? remap
- (U) Registries - Information on netblock and AS ownership
- (U) DNS - IP address to domain name matching
- (U) Operating System (OS) Fingerprints
Software and Operating System characteristics of networked
devices
~30-50 million unique IP addresses represented per day
TSHSIHFEEL TD USA.
OUO) Traceroutes:
. d? I l?(UHFOUO) Collects ?network measurement" data, on public internet
(U) Random traceroutes and user requested
(UHFOUO) PG-GTR
Currently using JDD public traceroute sites to perform operations
High target (full IP addresses)
Capable of le4 and le? traceroutes daily
(UHFOUO) PG-Seryer
High yolume: ~65 million traceroutes per day
Low targeting: le-l ?24 netblocks or higher
Can do whole ASes, Country, Netblocks
13 covered servers in unwitting data centers around the globe
- Asia: Malaysia, Singapore, Taiwan, China (2), Indonesia, Thailand, India
- Europe 3; Russia: Poland, Russia, Germany, Ukraine, Latyia, Denmark
- Africa: South Africa
- South America: Argentina, Brazil
TEHSWREL USA.
TSHSIHFEEL TD USA.
OUO) Traceroutes:
. d? I l?(UHFOUO) Collects ?network measurement" data, on public internet
(U) Random traceroutes and user requested
(UHFOUO) PG-GTR
Currently using JDD public traceroute sites to perform operations
High target (full IP addresses)
Capable of le4 and le? traceroutes daily
(UHFOUO) PG-Seryer
High yolume: ~65 million traceroutes per day
Low targeting: le-l ?24 netblocks or higher
Can do whole ASes, Country, Netblocks
13 covered servers in unwitting data centers around the globe
- Asia: Malaysia, Singapore, Taiwan, China (2), Indonesia, Thailand, India
- Europe 3; Russia: Poland, Russia, Germany, Ukraine, Latyia, Denmark
- Africa: South Africa
- South America: Argentina, Brazil
TEHSWREL USA.
TSJISIHREL TD USA,
(U) Coming Soon!
Int?53721 J?il?E
- PG-Server 2.0
Tasking of full IP address
Choice of traceroute types:
- ICMP
- ICMP Paris
- TCP
- UDP
Choice of PG-SVR (for source of traceroute)
Auto-refresh
TSJISIHREL TD USA,
(U) Coming Soon!
Int?53721 J?il?E
- PG-Server 2.0
Tasking of full IP address
Choice of traceroute types:
- ICMP
- ICMP Paris
- TCP
- UDP
Choice of PG-SVR (for source of traceroute)
Auto-refresh
TSHSIHFQEL TD USA. F'v?E?t'
(U) Traceroutes - CAIDA
(U) University of California, San Diego
Cooperative Association for Internet Data Analysis
Archipelago measurement platform
TM data source: ARK
(U) High volume: ~10 million traceroutes per day
(U) Random targeting (I24 netblock, BGP advertised)
(U) 44 Locations: Asia (5), Europe (15), Africa (2), North
America (18), South America (2), Oceania (2)
TSJISWREL TD USA,
TSHSIHFQEL TD USA. F'v?E?t'
(U) Traceroutes - CAIDA
(U) University of California, San Diego
Cooperative Association for Internet Data Analysis
Archipelago measurement platform
TM data source: ARK
(U) High volume: ~10 million traceroutes per day
(U) Random targeting (I24 netblock, BGP advertised)
(U) 44 Locations: Asia (5), Europe (15), Africa (2), North
America (18), South America (2), Oceania (2)
TSJISWREL TD USA,
TSHSIHFEEL TD USA. FUET
(UHFOUO) PACKAGEDGOODS - NTOC
(S) Clandestine traceroute and DNS processor
(SHSIHREL) BLACKPEARL
SIGINT session 5-tupel, identified routers, routing protocols, SIGINT access points,
(inferred SIGINT access points)
(SHSIHR EL) LEAKYFAUCET
Flow repository of 802.11 WiFi IP addresses and clients via STUN data
(SHSIHREL) HYDROCASTLE
802.11 configuration data extracted from CNE activity in specific locations
(Requires HYDROCASTLE account)
(SHSIHREL) MASTERSHAKE
FORNSAT and WiFi collection data
(SHSIHREL) S-TRICKLER - NTOC
- IP address fingerprints and potential vulnerabilities from FORNSAT collection
In ?v To LISA. weir
TSHSIHFEEL TD USA. FUET
(UHFOUO) PACKAGEDGOODS - NTOC
(S) Clandestine traceroute and DNS processor
(SHSIHREL) BLACKPEARL
SIGINT session 5-tupel, identified routers, routing protocols, SIGINT access points,
(inferred SIGINT access points)
(SHSIHR EL) LEAKYFAUCET
Flow repository of 802.11 WiFi IP addresses and clients via STUN data
(SHSIHREL) HYDROCASTLE
802.11 configuration data extracted from CNE activity in specific locations
(Requires HYDROCASTLE account)
(SHSIHREL) MASTERSHAKE
FORNSAT and WiFi collection data
(SHSIHREL) S-TRICKLER - NTOC
- IP address fingerprints and potential vulnerabilities from FORNSAT collection
In ?v To LISA. weir
TSHSIHFEEL TD USA. F'v'E?t'
U) Internal Sources (Protected
.
(SHSIHREL) TOYGRIPPE -
Repository of VPN endpoints
(SHSIHREL)
Router configuration files from CNE and passive SIGINT
DISCOROUTE repository
VITALAIRZ
Autontated scaned IP addresses for TAO known vulnerabilities
(UHFOUO) IPGeoTrap -
Provides geolocation services for IP addressesfranges
JOLLYROGER
Provides metadata that describes the networking environment of TAO-
implanted Windows PCs
(Requires JOLLYROGER account)
(UHFOUO) NTOC
- Specific alerts from intrusion detection sensors
- (not currently active)
3 USA.
TSHSIHFEEL TD USA. F'v'E?t'
U) Internal Sources (Protected
.
(SHSIHREL) TOYGRIPPE -
Repository of VPN endpoints
(SHSIHREL)
Router configuration files from CNE and passive SIGINT
DISCOROUTE repository
VITALAIRZ
Autontated scaned IP addresses for TAO known vulnerabilities
(UHFOUO) IPGeoTrap -
Provides geolocation services for IP addressesfranges
JOLLYROGER
Provides metadata that describes the networking environment of TAO-
implanted Windows PCs
(Requires JOLLYROGER account)
(UHFOUO) NTOC
- Specific alerts from intrusion detection sensors
- (not currently active)
3 USA.
TSHSIHREL TD LISA,
Til?E Igc?xftI:
(U) The Whole is Greater
than the Sum of the Parts
TSHSIHREL TD LISA,
Til?E Igc?xftI:
(U) The Whole is Greater
than the Sum of the Parts
TSHSIHFEEL TD USA.
(U) Data Relationships
Router
Configuration
Files
Router Traceroutes
Advertl?emem? Geolocatl on
Autonomous u: an dress
stem
DU main
SIGADICASN MAC Address NetblocI-t Names
E11. Ex:
Yellow links denotes direct relationships between data types.
For example, we know which AS contains a router because we can relate a router to IP Addresses,
IP Addresses to IP Pre?xes, then IP Pre?xes to an AS.
TD USA,
TSHSIHFEEL TD USA.
(U) Data Relationships
Router
Configuration
Files
Router Traceroutes
Advertl?emem? Geolocatl on
Autonomous u: an dress
stem
DU main
SIGADICASN MAC Address NetblocI-t Names
E11. Ex:
Yellow links denotes direct relationships between data types.
For example, we know which AS contains a router because we can relate a router to IP Addresses,
IP Addresses to IP Pre?xes, then IP Pre?xes to an AS.
TD USA,
if]
EL
Announcements
Potential Satellite Hops
Graph simplified for presentation purpose
Stulo AS: Molti-hometl EL Single hometl
TD LISA, F'IurlE?l?r
if]
EL
Announcements
Potential Satellite Hops
Graph simplified for presentation purpose
Stulo AS: Molti-hometl EL Single hometl
TD LISA, F'IurlE?l?r
TD
(U) and Registries
Tl'l Fit:th Teleleem A. Etris
It I
I.
n.
I.
urn Unet
Hell-er li'Jr'JL?i
. E55
Tl'ne?r Aul'molnol?
Erstem
?l
I.
Ujlilrrl?liL?mrl'j
I 5?
TM Net, intern-st
ieren
iuuljorl Curl-mall}
Jr? I ilnii'rh'i
1m.
a.
a.
INTEL-ASH I?ntol Teleoom
LEUELE Level 3 mmlcotlons
Singapore
Plovider Petisi'an
Teleoom lelted
State I?titute
a
I.
I
.-
of leclnoloqies
and
or
FREE-NET-F. I'RlInet
Graph simplified for presentation purpose
LISA, Pu'E?r'
TD
(U) and Registries
Tl'l Fit:th Teleleem A. Etris
It I
I.
n.
I.
urn Unet
Hell-er li'Jr'JL?i
. E55
Tl'ne?r Aul'molnol?
Erstem
?l
I.
Ujlilrrl?liL?mrl'j
I 5?
TM Net, intern-st
ieren
iuuljorl Curl-mall}
Jr? I ilnii'rh'i
1m.
a.
a.
INTEL-ASH I?ntol Teleoom
LEUELE Level 3 mmlcotlons
Singapore
Plovider Petisi'an
Teleoom lelted
State I?titute
a
I.
I
.-
of leclnoloqies
and
or
FREE-NET-F. I'RlInet
Graph simplified for presentation purpose
LISA, Pu'E?r'
TD USA.
(U) Internet ?flow? to a ?Network?
Tit?5*: no
Graph simplified for on purpose
They?re color-coded by country. Big deal.
TD USA,
TD USA.
(U) Internet ?flow? to a ?Network?
Tit?5*: no
Graph simplified for on purpose
They?re color-coded by country. Big deal.
TD USA,
EL TD LJ
(U) With
1?4 as; 1'
Correlation of IP Address with AS EL
1' 5 Country
1T4 rus?:
. . . a? -
Hops . I
--..
- .. 171T4 rust;
Addresses
(private IP address spaceNetwork Bottlenecks
Graph sln1 plIfI ed for presentation purpose
TO USA,
EL TD LJ
(U) With
1?4 as; 1'
Correlation of IP Address with AS EL
1' 5 Country
1T4 rus?:
. . . a? -
Hops . I
--..
- .. 171T4 rust;
Addresses
(private IP address spaceNetwork Bottlenecks
Graph sln1 plIfI ed for presentation purpose
TO USA,
HF: EL TD Pu" E"r'
LISA,
a
all
Graph simplified for presentation purppse
HF: EL TD Pu" E"r'
LISA,
a
all
Graph simplified for presentation purppse
TSHSIHHEL TD USA,
(U) IP Geolocation Data
Til?E Ii?v?F
TSHSIHHEL TD USA,
(U) IP Geolocation Data
Til?E Ii?v?F
TSHSIHHEL TD USA,
J?il?E
(U) Seeing
in the Water
TSHSIHHEL TD USA,
J?il?E
(U) Seeing
in the Water
EL TD Fin-?E?
1 writRed Links: Red Ccre ches:
SIGINT Ccllecticn access pcints between SIGINT 333355 PDintS Within A5
:rc.
FH?xbjri-H Psi-net zed
serge: ntng'L
i
. '21 I
+5.3
.-
as u: rum-e 1:5 as 3
?a
..
1.5-
33 - .x a
hat"; . -. a JF fir-I-FI Fl. ?Ema
TI: In t-Ii'rlrl tic-1 it: if: in [His Funk.? IE em? LI L:
In? cs. 41mm
x"
Eer'u' ce iredder
2
?1 inn! !i
'1 - JP
sewice crevicer ic [Jens-e
a [teasing
acts-scra? 1 . Ltd-
[Arth
_h LENS L'Li?ri'dl .L'iirt-LiliIEc:
?ags {hen Ln 'T'erslta?l?b?l nejrm+__
Red Hinged che:
ches within A5 are SIGINT Referenced Graph BimP'i?E?d Presentati?n PUFPDSE
TD USA, F'ifE?r?
EL TD Fin-?E?
1 writRed Links: Red Ccre ches:
SIGINT Ccllecticn access pcints between SIGINT 333355 PDintS Within A5
:rc.
FH?xbjri-H Psi-net zed
serge: ntng'L
i
. '21 I
+5.3
.-
as u: rum-e 1:5 as 3
?a
..
1.5-
33 - .x a
hat"; . -. a JF fir-I-FI Fl. ?Ema
TI: In t-Ii'rlrl tic-1 it: if: in [His Funk.? IE em? LI L:
In? cs. 41mm
x"
Eer'u' ce iredder
2
?1 inn! !i
'1 - JP
sewice crevicer ic [Jens-e
a [teasing
acts-scra? 1 . Ltd-
[Arth
_h LENS L'Li?ri'dl .L'iirt-LiliIEc:
?ags {hen Ln 'T'erslta?l?b?l nejrm+__
Red Hinged che:
ches within A5 are SIGINT Referenced Graph BimP'i?E?d Presentati?n PUFPDSE
TD USA, F'ifE?r?
TD USA.
Traceroute overlaid with SIGINT
and other
Router Configuration
DE Fmgerpr'ms Router lti'endor:t3istNode Referenced in SIGINT
Shields: IP Addresses
Undersoore AS: ?Operational? AS
TD USA, F?Iul'E?f'
TD USA.
Traceroute overlaid with SIGINT
and other
Router Configuration
DE Fmgerpr'ms Router lti'endor:t3istNode Referenced in SIGINT
Shields: IP Addresses
Undersoore AS: ?Operational? AS
TD USA, F?Iul'E?f'
TD USA.
Known Devices
Scurces: DISCOROUTE rcuter ccnfiguraticn repcsitcry)
Display infrastructure, as ccnfigured in rcuter
ccnfiguraticn files
- Where rcuter accessed from
(pcssible
- sewers configured for rcuter
DNS, Radius, TACACS)
TO USA,
TD USA.
Known Devices
Scurces: DISCOROUTE rcuter ccnfiguraticn repcsitcry)
Display infrastructure, as ccnfigured in rcuter
ccnfiguraticn files
- Where rcuter accessed from
(pcssible
- sewers configured for rcuter
DNS, Radius, TACACS)
TO USA,
TD USA. FUET
(SHSIHREL) Known Devices
Sources: DISCOROUTE (NAG router configuration
repository54'. . I . I:
Routerdata in tables
I I
Fmiir F: Fir rho; r11 Finn?
- I
EDT:
i'n'ILIr f-tFtE Ht'tT
-
I
TD USA,
TD USA. FUET
(SHSIHREL) Known Devices
Sources: DISCOROUTE (NAG router configuration
repository54'. . I . I:
Routerdata in tables
I I
Fmiir F: Fir rho; r11 Finn?
- I
EDT:
i'n'ILIr f-tFtE Ht'tT
-
I
TD USA,
.-
Ir
- ?alr
39.254.60-
LEE-SIN 1
TD USA.
EDP Router Report:
P?fil??l FDIC
Cisco Discovery Protocol (CDP)
ELF
Involz bwitching
Protocol ?5 Hounzry
..-1. 1:31 mm?
5?6
?ourcez
ED LEL ?32310
I
TD USA,
.-
Ir
- ?alr
39.254.60-
LEE-SIN 1
TD USA.
EDP Router Report:
P?fil??l FDIC
Cisco Discovery Protocol (CDP)
ELF
Involz bwitching
Protocol ?5 Hounzry
..-1. 1:31 mm?
5?6
?ourcez
ED LEL ?32310
I
TD USA,
TD USA.
(UIIFOUO) 302.11 WiFi Data
Display and correlation of 802.11 wireless
networks and clients
Sources
1* account required) J.
TD USA,
TD USA.
(UIIFOUO) 302.11 WiFi Data
Display and correlation of 802.11 wireless
networks and clients
Sources
1* account required) J.
TD USA,
TD USA. F'v?E?r'
(U) Communities
Individual IP addresses related by a
common attribute
- TOR router
Servers (DNS, NTP, SNMP, TACACS, RADIUS)
- Hide IP NG Proxy Servers
- BYZANTINE HADES Infrastructure hostinnfected hosts
- Sources: (Varies)
Currently TOR router advertisements
TD USA,
TD USA. F'v?E?r'
(U) Communities
Individual IP addresses related by a
common attribute
- TOR router
Servers (DNS, NTP, SNMP, TACACS, RADIUS)
- Hide IP NG Proxy Servers
- BYZANTINE HADES Infrastructure hostinnfected hosts
- Sources: (Varies)
Currently TOR router advertisements
TD USA,
EL TD LJ
E-
II- H-u
.?al?dl'allnam - - If]
EFFICA. LEE
Grandad: 11?191'2010 Modi?ed: 13:1.21
ERR #1511]
. I IE.-
Evl? ;Iii - . I . at]
F. 3?1]
'J-H?ol
3?51?:
?3311geese-I; gig-3;; I 333312; I LEEDEIEI I LEE-ISM I $332935 313327: AEI E-II A
I H: Film
I ll'.l I :uu.
?31'1" .l I h?
2-39? cm 7343
3.3.11- ?3 CW 73' I533
?In. 51' I II
IE EW 51":
?in. I
13:1:-
Fin-'7-
IZITICA. LEE I: Ll'l'
TSHSIHREL TD USA, F?qu'E?fr
EL TD LJ
E-
II- H-u
.?al?dl'allnam - - If]
EFFICA. LEE
Grandad: 11?191'2010 Modi?ed: 13:1.21
ERR #1511]
. I IE.-
Evl? ;Iii - . I . at]
F. 3?1]
'J-H?ol
3?51?:
?3311geese-I; gig-3;; I 333312; I LEEDEIEI I LEE-ISM I $332935 313327: AEI E-II A
I H: Film
I ll'.l I :uu.
?31'1" .l I h?
2-39? cm 7343
3.3.11- ?3 CW 73' I533
?In. 51' I II
IE EW 51":
?in. I
13:1:-
Fin-'7-
IZITICA. LEE I: Ll'l'
TSHSIHREL TD USA, F?qu'E?fr
TSHSIHFEEL TD USA. F'v'E?t'
(UIIFOUO) TREASUREMAP Workspace
- (UIIFOUO) Toolbar: Offers access to a variety of commonly used
func?ons
- (UIIFOUO) Search Pane: Input search parameters
(UIIFOUO) Advanced Search Options: Preferences for searches
(UIIFOUO) Release my search to PG: Requesting traceroutes for
target IP addresses
- (UIIFOUO) Other Searches: Includes Router, DNS, Batch
IPIMAC and JOLLYROGER
Legend: Contains all of the icons and decorations as
seen in an active graph
- (UIIFOUO) Send Feedback: Provides a vvay to communicate
questions, comments or problems to the TREASUREMAP team.
w_
TEJJEWHEL TD USA,
TSHSIHFEEL TD USA. F'v'E?t'
(UIIFOUO) TREASUREMAP Workspace
- (UIIFOUO) Toolbar: Offers access to a variety of commonly used
func?ons
- (UIIFOUO) Search Pane: Input search parameters
(UIIFOUO) Advanced Search Options: Preferences for searches
(UIIFOUO) Release my search to PG: Requesting traceroutes for
target IP addresses
- (UIIFOUO) Other Searches: Includes Router, DNS, Batch
IPIMAC and JOLLYROGER
Legend: Contains all of the icons and decorations as
seen in an active graph
- (UIIFOUO) Send Feedback: Provides a vvay to communicate
questions, comments or problems to the TREASUREMAP team.
w_
TEJJEWHEL TD USA,
TSJISIHREL TD USA, F'u'E?r'
(UIIFOUO) TREASUREMAP Search Items
IP Address
Routers
(UIIFOUO) DNS (FQN)
MAC address 1? 802.11 BSSID 1? 802.11 SSID
IP Prefix 1? Range (CIDR Notation)
Registry Netblock
SIGAD andr?or Case Notation
(UIIFOUO) Country! IP Country Code
(UIIFOUO) Autonomous System (AS) Number
10. (UIIFOUO) Free Text
.
TSJISIHREL TD USA, F'u'E?r'
(UIIFOUO) TREASUREMAP Search Items
IP Address
Routers
(UIIFOUO) DNS (FQN)
MAC address 1? 802.11 BSSID 1? 802.11 SSID
IP Prefix 1? Range (CIDR Notation)
Registry Netblock
SIGAD andr?or Case Notation
(UIIFOUO) Country! IP Country Code
(UIIFOUO) Autonomous System (AS) Number
10. (UIIFOUO) Free Text
.
TD USA.
?It E-:t e:
?11 .1 111:1 IE-
Nude.- detail u-us
I
I:
Traceruute routing
infrastructure
Links
I II
Jr?er
a mu
Iii-lit
143%
mummy
Summary I
Information "mm, mm.
21:11:: Tar-Jet ?at-2H: Tar-:b.3151 I.I-
II-
II IT
IT
TI: JEA.
TD USA,
TD USA.
?It E-:t e:
?11 .1 111:1 IE-
Nude.- detail u-us
I
I:
Traceruute routing
infrastructure
Links
I II
Jr?er
a mu
Iii-lit
143%
mummy
Summary I
Information "mm, mm.
21:11:: Tar-Jet ?at-2H: Tar-:b.3151 I.I-
II-
II IT
IT
TI: JEA.
TD USA,
Hui?. 53]] Elli-L?ilw-I.
an. _Gu I
- Emu: gm name gunman-Jana Ems. male tumm-
- arr-mm Fr'hl Inlj I I qurInirm-urlj' I I'il'll'l PET. lql'llri an I1 II I'h: HpimhhlrI? imIlThI 'Ilnll'l'la-I: uni-:l 13mer :11" il'nln-Illr .TI rIIllinI: 'I'ilh lh' Inn. 'Iln. I
Tm'ul? Irhh ?Jill-II 1M wnlinul ILL- l'll?ll. uni] :wu: apt-n Mumvm will: Iu
11ml?.
L?usmuamu'mm IJHH:
l-?JJm-?Ji' .1. ma: :5 1] hme. In: .111:- n: 111-9 g;
CI: .L'i
min-{Jug 112-74.- rem
.111.
I
. 5:51 r. :t'uthcu. a:
.
-
urtlu.r_.._ wall
L: Lela?2c}. Iii-1.15. alme Lani-Lilla:
mm'?n?l?un mil Lam-?- M?m Hm
m?m? urI. NEH. Inn and nil:
-
Small text-d ueries
Dunduul. mammw W's? Hun
in?ammat-
DDW I- 621:. 341.:3. '12!
. . . .
- Min-55.1.! Emmi.? tum! 5.33133: all?
I .iti Hana.
?ll?llrm 13.3.. 1rd ate
I 1955:]- C1
I I F:
D?n'rIrnunT?nl E?j? I
I mE-?fl
I T-t'rlifjr
i-t'rlifj: nrhnal van-m pr-i-?H
I wring
Til-If v?'lr'rk ninth r'f?w'i "It: .
In" I 31.1. In: In
I: ll ll E-IHI Ilia-wk Hz: m: Hz: urn-(Lam. -.I-
'u I: Lid. Lin'I-Trw Flt-u 'rh rmr'.? - 'trr.
hm" 55?? II he]; (client: .L'd Lita-hr. 5-H: net:
ml Iri?u? I 1: Ed (2-H: In?:
-. . j. I, - Ll'L'rr-
I T: l'uPrr .- Brim-r: Jul ~rn'm3"un'" -
Ff? - bur-J.- hz- uni-e
TO USA,
Hui?. 53]] Elli-L?ilw-I.
an. _Gu I
- Emu: gm name gunman-Jana Ems. male tumm-
- arr-mm Fr'hl Inlj I I qurInirm-urlj' I I'il'll'l PET. lql'llri an I1 II I'h: HpimhhlrI? imIlThI 'Ilnll'l'la-I: uni-:l 13mer :11" il'nln-Illr .TI rIIllinI: 'I'ilh lh' Inn. 'Iln. I
Tm'ul? Irhh ?Jill-II 1M wnlinul ILL- l'll?ll. uni] :wu: apt-n Mumvm will: Iu
11ml?.
L?usmuamu'mm IJHH:
l-?JJm-?Ji' .1. ma: :5 1] hme. In: .111:- n: 111-9 g;
CI: .L'i
min-{Jug 112-74.- rem
.111.
I
. 5:51 r. :t'uthcu. a:
.
-
urtlu.r_.._ wall
L: Lela?2c}. Iii-1.15. alme Lani-Lilla:
mm'?n?l?un mil Lam-?- M?m Hm
m?m? urI. NEH. Inn and nil:
-
Small text-d ueries
Dunduul. mammw W's? Hun
in?ammat-
DDW I- 621:. 341.:3. '12!
. . . .
- Min-55.1.! Emmi.? tum! 5.33133: all?
I .iti Hana.
?ll?llrm 13.3.. 1rd ate
I 1955:]- C1
I I F:
D?n'rIrnunT?nl E?j? I
I mE-?fl
I T-t'rlifjr
i-t'rlifj: nrhnal van-m pr-i-?H
I wring
Til-If v?'lr'rk ninth r'f?w'i "It: .
In" I 31.1. In: In
I: ll ll E-IHI Ilia-wk Hz: m: Hz: urn-(Lam. -.I-
'u I: Lid. Lin'I-Trw Flt-u 'rh rmr'.? - 'trr.
hm" 55?? II he]; (client: .L'd Lita-hr. 5-H: net:
ml Iri?u? I 1: Ed (2-H: In?:
-. . j. I, - Ll'L'rr-
I T: l'uPrr .- Brim-r: Jul ~rn'm3"un'" -
Ff? - bur-J.- hz- uni-e
TO USA,
TSHSIHHEL TD USA,
4 "i
.
(UIIFOUO) TREASUREMAP Contact Infomm
Government Lead
- Customer Support Team
- Email: DL
TSHSIHHEL TD USA,
4 "i
.
(UIIFOUO) TREASUREMAP Contact Infomm
Government Lead
- Customer Support Team
- Email: DL