Documents

Treasure Map Presentation

Sep. 14, 2014

1/38
Download
Page 1 from Treasure Map Presentation
-- :2 r=~t -- ?r If?. ?In? ll?t Bad guys are everywhere, good guys are somewhere! Threat Operations Center (NTOC) NTOC Technology Development
-- :2 r=~t -- ?r If?. ?In? ll?t Bad guys are everywhere, good guys are somewhere! Threat Operations Center (NTOC) NTOC Technology Development
Page 2 from Treasure Map Presentation
TSHSIHREL TD USA. F'v'E?r" (U) NTOC - Operates under both SIGINT and Information Assurance authorities Leverage SIGINT, IA, OSINT - (UIIFOUO) Coordinates Integrated Cyber Operations V2: Analysis V3: Operations V4: Technology Development Support - V45: Technologyr Development Division
TSHSIHREL TD USA. F'v'E?r" (U) NTOC - Operates under both SIGINT and Information Assurance authorities Leverage SIGINT, IA, OSINT - (UIIFOUO) Coordinates Integrated Cyber Operations V2: Analysis V3: Operations V4: Technology Development Support - V45: Technologyr Development Division
Page 3 from Treasure Map Presentation
TSHSIHFQEL TD USA. (U) V45 - Projects TREASUREMAP Massive Internet mapping, exploration, and analysis engine - PACKAGEDGOODS Globally dispersed traceroute generators - (U) Other Projects TSJISWREL TD USA,
TSHSIHFQEL TD USA. (U) V45 - Projects TREASUREMAP Massive Internet mapping, exploration, and analysis engine - PACKAGEDGOODS Globally dispersed traceroute generators - (U) Other Projects TSJISWREL TD USA,
Page 4 from Treasure Map Presentation
TSHSIHFEEL TD USA. F'v'E?t' (U) What is ran (UHFOUO) Capability for building a near real-time, interactive map of the global internet. Map the entire Internet Any device*, anywhere, all the time (UHFOUO) We enable a wide range of missions: Cyber Situational Awareness your own network plus adversaries? - Common Operation Pictures (COP) - Computer Anackaxploit Planning Proparation of the Environment - Network Reconnaissance - Measures of Effectiveness (MOE) limited only by available data) w_ TEJJEWHEL TD USA, F'Iul'E?i"
TSHSIHFEEL TD USA. F'v'E?t' (U) What is ran (UHFOUO) Capability for building a near real-time, interactive map of the global internet. Map the entire Internet Any device*, anywhere, all the time (UHFOUO) We enable a wide range of missions: Cyber Situational Awareness your own network plus adversaries? - Common Operation Pictures (COP) - Computer Anackaxploit Planning Proparation of the Environment - Network Reconnaissance - Measures of Effectiveness (MOE) limited only by available data) w_ TEJJEWHEL TD USA, F'Iul'E?i"
Page 5 from Treasure Map Presentation
TSHSIHFEEL TD USA. (U) TREASUREMAP - Continual generation of global Internet map, and (limited) - Focus on logical layers (router and autonomous system), but touches physical, data link, and application layers - (U) Its Huge. 5 TEHSWREL USA.
TSHSIHFEEL TD USA. (U) TREASUREMAP - Continual generation of global Internet map, and (limited) - Focus on logical layers (router and autonomous system), but touches physical, data link, and application layers - (U) Its Huge. 5 TEHSWREL USA.
Page 6 from Treasure Map Presentation
TSHSIHREL TD USA, F?y'E?r? (U) TREASUREMAP as an Enabler 1?1" I. Persona Layer Cyoer Persona Layer Physical Network Layer Geographical Layer Dur mission
TSHSIHREL TD USA, F?y'E?r? (U) TREASUREMAP as an Enabler 1?1" I. Persona Layer Cyoer Persona Layer Physical Network Layer Geographical Layer Dur mission
Page 7 from Treasure Map Presentation
TSHSIHREL TD USA. (U) Current State (UHFOUO) Data Sources Open Source intelligence Academic Commercially Acquired SIGINT Information Assurance (UHFOUO) Available on multiple networks to many user groups 5-Eyes partners JWICS users - USG IC USG IC lDoD TREASUREMAP-SIPR (U) Nevv capabilities delivered every 90 days (U) 30+ Gigabytes of additional data added and replaced per day OSINT Open Source Publicly available Internet Meta-Data) TEHSWREL TD USA, F'v'E?r'
TSHSIHREL TD USA. (U) Current State (UHFOUO) Data Sources Open Source intelligence Academic Commercially Acquired SIGINT Information Assurance (UHFOUO) Available on multiple networks to many user groups 5-Eyes partners JWICS users - USG IC USG IC lDoD TREASUREMAP-SIPR (U) Nevv capabilities delivered every 90 days (U) 30+ Gigabytes of additional data added and replaced per day OSINT Open Source Publicly available Internet Meta-Data) TEHSWREL TD USA, F'v'E?r'
Page 8 from Treasure Map Presentation
TSHSIHREL TD LISA, J?il?E Peril: (U) Data Sources Feed the Machine
TSHSIHREL TD LISA, J?il?E Peril: (U) Data Sources Feed the Machine
Page 9 from Treasure Map Presentation
TSHSIHFEEL TD USA. FVET OSINT, Commercial Academich Plci. ?In. nah(UIIFOUO) BGP Gives the 300,000 foot trietmr of the Internet Defines routing across Autonomous Systems (AS) Origination of IP address spaces (Prefixes) to AS How the Internet gets knowledge of itself (IP address space) Commericaly purchased Data Sources Akamai, SOCIALSTAMP, SEASIDEFERRY Open Source Public BGP, IXP (RIPE), APNIC, ROUTEVIEWS, CERNET TD
TSHSIHFEEL TD USA. FVET OSINT, Commercial Academich Plci. ?In. nah(UIIFOUO) BGP Gives the 300,000 foot trietmr of the Internet Defines routing across Autonomous Systems (AS) Origination of IP address spaces (Prefixes) to AS How the Internet gets knowledge of itself (IP address space) Commericaly purchased Data Sources Akamai, SOCIALSTAMP, SEASIDEFERRY Open Source Public BGP, IXP (RIPE), APNIC, ROUTEVIEWS, CERNET TD
Page 10 from Treasure Map Presentation
TSHSIHFEEL TD USA. -. 1- l? (U) OSINT, Commercial Academicwmn - (UHFOUO) Traceroutes Router ?to- router links to targeted IP addresses Creates links between networking devices (routers) TM ingests approx. ~16?18 million traceroutes daily Gives the 300 foot View, router-to-router infrastructure Data Sources ARK Archipelago Project PACKAGEDGOODS SOCIALSTAMP - RUSTICBAGGAGE User Input w? TENSWHEL TD USA.
TSHSIHFEEL TD USA. -. 1- l? (U) OSINT, Commercial Academicwmn - (UHFOUO) Traceroutes Router ?to- router links to targeted IP addresses Creates links between networking devices (routers) TM ingests approx. ~16?18 million traceroutes daily Gives the 300 foot View, router-to-router infrastructure Data Sources ARK Archipelago Project PACKAGEDGOODS SOCIALSTAMP - RUSTICBAGGAGE User Input w? TENSWHEL TD USA.
Page 11 from Treasure Map Presentation
TSHSIHREL TD USA. AcademicIPi?ar?r? remap - (U) Registries - Information on netblock and AS ownership - (U) DNS - IP address to domain name matching - (U) Operating System (OS) Fingerprints Software and Operating System characteristics of networked devices ~30-50 million unique IP addresses represented per day
TSHSIHREL TD USA. AcademicIPi?ar?r? remap - (U) Registries - Information on netblock and AS ownership - (U) DNS - IP address to domain name matching - (U) Operating System (OS) Fingerprints Software and Operating System characteristics of networked devices ~30-50 million unique IP addresses represented per day
Page 12 from Treasure Map Presentation
TSHSIHFEEL TD USA. OUO) Traceroutes: . d? I l?(UHFOUO) Collects ?network measurement" data, on public internet (U) Random traceroutes and user requested (UHFOUO) PG-GTR Currently using JDD public traceroute sites to perform operations High target (full IP addresses) Capable of le4 and le? traceroutes daily (UHFOUO) PG-Seryer High yolume: ~65 million traceroutes per day Low targeting: le-l ?24 netblocks or higher Can do whole ASes, Country, Netblocks 13 covered servers in unwitting data centers around the globe - Asia: Malaysia, Singapore, Taiwan, China (2), Indonesia, Thailand, India - Europe 3; Russia: Poland, Russia, Germany, Ukraine, Latyia, Denmark - Africa: South Africa - South America: Argentina, Brazil TEHSWREL USA.
TSHSIHFEEL TD USA. OUO) Traceroutes: . d? I l?(UHFOUO) Collects ?network measurement" data, on public internet (U) Random traceroutes and user requested (UHFOUO) PG-GTR Currently using JDD public traceroute sites to perform operations High target (full IP addresses) Capable of le4 and le? traceroutes daily (UHFOUO) PG-Seryer High yolume: ~65 million traceroutes per day Low targeting: le-l ?24 netblocks or higher Can do whole ASes, Country, Netblocks 13 covered servers in unwitting data centers around the globe - Asia: Malaysia, Singapore, Taiwan, China (2), Indonesia, Thailand, India - Europe 3; Russia: Poland, Russia, Germany, Ukraine, Latyia, Denmark - Africa: South Africa - South America: Argentina, Brazil TEHSWREL USA.
Page 13 from Treasure Map Presentation
TSJISIHREL TD USA, (U) Coming Soon! Int?53721 J?il?E - PG-Server 2.0 Tasking of full IP address Choice of traceroute types: - ICMP - ICMP Paris - TCP - UDP Choice of PG-SVR (for source of traceroute) Auto-refresh
TSJISIHREL TD USA, (U) Coming Soon! Int?53721 J?il?E - PG-Server 2.0 Tasking of full IP address Choice of traceroute types: - ICMP - ICMP Paris - TCP - UDP Choice of PG-SVR (for source of traceroute) Auto-refresh
Page 14 from Treasure Map Presentation
TSHSIHFQEL TD USA. F'v?E?t' (U) Traceroutes - CAIDA (U) University of California, San Diego Cooperative Association for Internet Data Analysis Archipelago measurement platform TM data source: ARK (U) High volume: ~10 million traceroutes per day (U) Random targeting (I24 netblock, BGP advertised) (U) 44 Locations: Asia (5), Europe (15), Africa (2), North America (18), South America (2), Oceania (2) TSJISWREL TD USA,
TSHSIHFQEL TD USA. F'v?E?t' (U) Traceroutes - CAIDA (U) University of California, San Diego Cooperative Association for Internet Data Analysis Archipelago measurement platform TM data source: ARK (U) High volume: ~10 million traceroutes per day (U) Random targeting (I24 netblock, BGP advertised) (U) 44 Locations: Asia (5), Europe (15), Africa (2), North America (18), South America (2), Oceania (2) TSJISWREL TD USA,
Page 15 from Treasure Map Presentation
TSHSIHFEEL TD USA. FUET (UHFOUO) PACKAGEDGOODS - NTOC (S) Clandestine traceroute and DNS processor (SHSIHREL) BLACKPEARL SIGINT session 5-tupel, identified routers, routing protocols, SIGINT access points, (inferred SIGINT access points) (SHSIHR EL) LEAKYFAUCET Flow repository of 802.11 WiFi IP addresses and clients via STUN data (SHSIHREL) HYDROCASTLE 802.11 configuration data extracted from CNE activity in specific locations (Requires HYDROCASTLE account) (SHSIHREL) MASTERSHAKE FORNSAT and WiFi collection data (SHSIHREL) S-TRICKLER - NTOC - IP address fingerprints and potential vulnerabilities from FORNSAT collection In ?v To LISA. weir
TSHSIHFEEL TD USA. FUET (UHFOUO) PACKAGEDGOODS - NTOC (S) Clandestine traceroute and DNS processor (SHSIHREL) BLACKPEARL SIGINT session 5-tupel, identified routers, routing protocols, SIGINT access points, (inferred SIGINT access points) (SHSIHR EL) LEAKYFAUCET Flow repository of 802.11 WiFi IP addresses and clients via STUN data (SHSIHREL) HYDROCASTLE 802.11 configuration data extracted from CNE activity in specific locations (Requires HYDROCASTLE account) (SHSIHREL) MASTERSHAKE FORNSAT and WiFi collection data (SHSIHREL) S-TRICKLER - NTOC - IP address fingerprints and potential vulnerabilities from FORNSAT collection In ?v To LISA. weir
Page 16 from Treasure Map Presentation
TSHSIHFEEL TD USA. F'v'E?t' U) Internal Sources (Protected . (SHSIHREL) TOYGRIPPE - Repository of VPN endpoints (SHSIHREL) Router configuration files from CNE and passive SIGINT DISCOROUTE repository VITALAIRZ Autontated scaned IP addresses for TAO known vulnerabilities (UHFOUO) IPGeoTrap - Provides geolocation services for IP addressesfranges JOLLYROGER Provides metadata that describes the networking environment of TAO- implanted Windows PCs (Requires JOLLYROGER account) (UHFOUO) NTOC - Specific alerts from intrusion detection sensors - (not currently active) 3 USA.
TSHSIHFEEL TD USA. F'v'E?t' U) Internal Sources (Protected . (SHSIHREL) TOYGRIPPE - Repository of VPN endpoints (SHSIHREL) Router configuration files from CNE and passive SIGINT DISCOROUTE repository VITALAIRZ Autontated scaned IP addresses for TAO known vulnerabilities (UHFOUO) IPGeoTrap - Provides geolocation services for IP addressesfranges JOLLYROGER Provides metadata that describes the networking environment of TAO- implanted Windows PCs (Requires JOLLYROGER account) (UHFOUO) NTOC - Specific alerts from intrusion detection sensors - (not currently active) 3 USA.
Page 17 from Treasure Map Presentation
TSHSIHREL TD LISA, Til?E Igc?xftI: (U) The Whole is Greater than the Sum of the Parts
TSHSIHREL TD LISA, Til?E Igc?xftI: (U) The Whole is Greater than the Sum of the Parts
Page 18 from Treasure Map Presentation
TSHSIHFEEL TD USA. (U) Data Relationships Router Configuration Files Router Traceroutes Advertl?emem? Geolocatl on Autonomous u: an dress stem DU main SIGADICASN MAC Address NetblocI-t Names E11. Ex: Yellow links denotes direct relationships between data types. For example, we know which AS contains a router because we can relate a router to IP Addresses, IP Addresses to IP Pre?xes, then IP Pre?xes to an AS. TD USA,
TSHSIHFEEL TD USA. (U) Data Relationships Router Configuration Files Router Traceroutes Advertl?emem? Geolocatl on Autonomous u: an dress stem DU main SIGADICASN MAC Address NetblocI-t Names E11. Ex: Yellow links denotes direct relationships between data types. For example, we know which AS contains a router because we can relate a router to IP Addresses, IP Addresses to IP Pre?xes, then IP Pre?xes to an AS. TD USA,
Page 19 from Treasure Map Presentation
if] EL Announcements Potential Satellite Hops Graph simplified for presentation purpose Stulo AS: Molti-hometl EL Single hometl TD LISA, F'IurlE?l?r
if] EL Announcements Potential Satellite Hops Graph simplified for presentation purpose Stulo AS: Molti-hometl EL Single hometl TD LISA, F'IurlE?l?r
Page 20 from Treasure Map Presentation
TD (U) and Registries Tl'l Fit:th Teleleem A. Etris It I I. n. I. urn Unet Hell-er li'Jr'JL?i . E55 Tl'ne?r Aul'molnol? Erstem ?l I. Ujlilrrl?liL?mrl'j I 5? TM Net, intern-st ieren iuuljorl Curl-mall} Jr? I ilnii'rh'i 1m. a. a. INTEL-ASH I?ntol Teleoom LEUELE Level 3 mmlcotlons Singapore Plovider Petisi'an Teleoom lelted State I?titute a I. I .- of leclnoloqies and or FREE-NET-F. I'RlInet Graph simplified for presentation purpose LISA, Pu'E?r'
TD (U) and Registries Tl'l Fit:th Teleleem A. Etris It I I. n. I. urn Unet Hell-er li'Jr'JL?i . E55 Tl'ne?r Aul'molnol? Erstem ?l I. Ujlilrrl?liL?mrl'j I 5? TM Net, intern-st ieren iuuljorl Curl-mall} Jr? I ilnii'rh'i 1m. a. a. INTEL-ASH I?ntol Teleoom LEUELE Level 3 mmlcotlons Singapore Plovider Petisi'an Teleoom lelted State I?titute a I. I .- of leclnoloqies and or FREE-NET-F. I'RlInet Graph simplified for presentation purpose LISA, Pu'E?r'
Page 21 from Treasure Map Presentation
TD USA. (U) Internet ?flow? to a ?Network? Tit?5*: no Graph simplified for on purpose They?re color-coded by country. Big deal. TD USA,
TD USA. (U) Internet ?flow? to a ?Network? Tit?5*: no Graph simplified for on purpose They?re color-coded by country. Big deal. TD USA,
Page 22 from Treasure Map Presentation
EL TD LJ (U) With 1?4 as; 1' Correlation of IP Address with AS EL 1' 5 Country 1T4 rus?: . . . a? - Hops . I --.. - .. 171T4 rust; Addresses (private IP address spaceNetwork Bottlenecks Graph sln1 plIfI ed for presentation purpose TO USA,
EL TD LJ (U) With 1?4 as; 1' Correlation of IP Address with AS EL 1' 5 Country 1T4 rus?: . . . a? - Hops . I --.. - .. 171T4 rust; Addresses (private IP address spaceNetwork Bottlenecks Graph sln1 plIfI ed for presentation purpose TO USA,
Page 23 from Treasure Map Presentation
HF: EL TD Pu" E"r' LISA, a all Graph simplified for presentation purppse
HF: EL TD Pu" E"r' LISA, a all Graph simplified for presentation purppse
Page 24 from Treasure Map Presentation
TSHSIHHEL TD USA, (U) IP Geolocation Data Til?E Ii?v?F
TSHSIHHEL TD USA, (U) IP Geolocation Data Til?E Ii?v?F
Page 25 from Treasure Map Presentation
TSHSIHHEL TD USA, J?il?E (U) Seeing in the Water
TSHSIHHEL TD USA, J?il?E (U) Seeing in the Water
Page 26 from Treasure Map Presentation
EL TD Fin-?E? 1 writRed Links: Red Ccre ches: SIGINT Ccllecticn access pcints between SIGINT 333355 PDintS Within A5 :rc. FH?xbjri-H Psi-net zed serge: ntng'L i . '21 I +5.3 .- as u: rum-e 1:5 as 3 ?a .. 1.5- 33 - .x a hat"; . -. a JF fir-I-FI Fl. ?Ema TI: In t-Ii'rlrl tic-1 it: if: in [His Funk.? IE em? LI L: In? cs. 41mm x" Eer'u' ce iredder 2 ?1 inn! !i '1 - JP sewice crevicer ic [Jens-e a [teasing acts-scra? 1 . Ltd- [Arth _h LENS L'Li?ri'dl .L'iirt-LiliIEc: ?ags {hen Ln 'T'erslta?l?b?l nejrm+__ Red Hinged che: ches within A5 are SIGINT Referenced Graph BimP'i?E?d Presentati?n PUFPDSE TD USA, F'ifE?r?
EL TD Fin-?E? 1 writRed Links: Red Ccre ches: SIGINT Ccllecticn access pcints between SIGINT 333355 PDintS Within A5 :rc. FH?xbjri-H Psi-net zed serge: ntng'L i . '21 I +5.3 .- as u: rum-e 1:5 as 3 ?a .. 1.5- 33 - .x a hat"; . -. a JF fir-I-FI Fl. ?Ema TI: In t-Ii'rlrl tic-1 it: if: in [His Funk.? IE em? LI L: In? cs. 41mm x" Eer'u' ce iredder 2 ?1 inn! !i '1 - JP sewice crevicer ic [Jens-e a [teasing acts-scra? 1 . Ltd- [Arth _h LENS L'Li?ri'dl .L'iirt-LiliIEc: ?ags {hen Ln 'T'erslta?l?b?l nejrm+__ Red Hinged che: ches within A5 are SIGINT Referenced Graph BimP'i?E?d Presentati?n PUFPDSE TD USA, F'ifE?r?
Page 27 from Treasure Map Presentation
TD USA. Traceroute overlaid with SIGINT and other Router Configuration DE Fmgerpr'ms Router lti'endor:t3istNode Referenced in SIGINT Shields: IP Addresses Undersoore AS: ?Operational? AS TD USA, F?Iul'E?f'
TD USA. Traceroute overlaid with SIGINT and other Router Configuration DE Fmgerpr'ms Router lti'endor:t3istNode Referenced in SIGINT Shields: IP Addresses Undersoore AS: ?Operational? AS TD USA, F?Iul'E?f'
Page 28 from Treasure Map Presentation
TD USA. Known Devices Scurces: DISCOROUTE rcuter ccnfiguraticn repcsitcry) Display infrastructure, as ccnfigured in rcuter ccnfiguraticn files - Where rcuter accessed from (pcssible - sewers configured for rcuter DNS, Radius, TACACS) TO USA,
TD USA. Known Devices Scurces: DISCOROUTE rcuter ccnfiguraticn repcsitcry) Display infrastructure, as ccnfigured in rcuter ccnfiguraticn files - Where rcuter accessed from (pcssible - sewers configured for rcuter DNS, Radius, TACACS) TO USA,
Page 29 from Treasure Map Presentation
TD USA. FUET (SHSIHREL) Known Devices Sources: DISCOROUTE (NAG router configuration repository54'. . I . I: Routerdata in tables I I Fmiir F: Fir rho; r11 Finn? - I EDT: i'n'ILIr f-tFtE Ht'tT - I TD USA,
TD USA. FUET (SHSIHREL) Known Devices Sources: DISCOROUTE (NAG router configuration repository54'. . I . I: Routerdata in tables I I Fmiir F: Fir rho; r11 Finn? - I EDT: i'n'ILIr f-tFtE Ht'tT - I TD USA,
Page 30 from Treasure Map Presentation
.- Ir - ?alr 39.254.60- LEE-SIN 1 TD USA. EDP Router Report: P?fil??l FDIC Cisco Discovery Protocol (CDP) ELF Involz bwitching Protocol ?5 Hounzry ..-1. 1:31 mm? 5?6 ?ourcez ED LEL ?32310 I TD USA,
.- Ir - ?alr 39.254.60- LEE-SIN 1 TD USA. EDP Router Report: P?fil??l FDIC Cisco Discovery Protocol (CDP) ELF Involz bwitching Protocol ?5 Hounzry ..-1. 1:31 mm? 5?6 ?ourcez ED LEL ?32310 I TD USA,
Page 31 from Treasure Map Presentation
TD USA. (UIIFOUO) 302.11 WiFi Data Display and correlation of 802.11 wireless networks and clients Sources 1* account required) J. TD USA,
TD USA. (UIIFOUO) 302.11 WiFi Data Display and correlation of 802.11 wireless networks and clients Sources 1* account required) J. TD USA,
Page 32 from Treasure Map Presentation
TD USA. F'v?E?r' (U) Communities Individual IP addresses related by a common attribute - TOR router Servers (DNS, NTP, SNMP, TACACS, RADIUS) - Hide IP NG Proxy Servers - BYZANTINE HADES Infrastructure hostinnfected hosts - Sources: (Varies) Currently TOR router advertisements TD USA,
TD USA. F'v?E?r' (U) Communities Individual IP addresses related by a common attribute - TOR router Servers (DNS, NTP, SNMP, TACACS, RADIUS) - Hide IP NG Proxy Servers - BYZANTINE HADES Infrastructure hostinnfected hosts - Sources: (Varies) Currently TOR router advertisements TD USA,
Page 33 from Treasure Map Presentation
EL TD LJ E- II- H-u .?al?dl'allnam - - If] EFFICA. LEE Grandad: 11?191'2010 Modi?ed: 13:1.21 ERR #1511] . I IE.- Evl? ;Iii - . I . at] F. 3?1] 'J-H?ol 3?51?: ?3311geese-I; gig-3;; I 333312; I LEEDEIEI I LEE-ISM I $332935 313327: AEI E-II A I H: Film I ll'.l I :uu. ?31'1" .l I h? 2-39? cm 7343 3.3.11- ?3 CW 73' I533 ?In. 51' I II IE EW 51": ?in. I 13:1:- Fin-'7- IZITICA. LEE I: Ll'l' TSHSIHREL TD USA, F?qu'E?fr
EL TD LJ E- II- H-u .?al?dl'allnam - - If] EFFICA. LEE Grandad: 11?191'2010 Modi?ed: 13:1.21 ERR #1511] . I IE.- Evl? ;Iii - . I . at] F. 3?1] 'J-H?ol 3?51?: ?3311geese-I; gig-3;; I 333312; I LEEDEIEI I LEE-ISM I $332935 313327: AEI E-II A I H: Film I ll'.l I :uu. ?31'1" .l I h? 2-39? cm 7343 3.3.11- ?3 CW 73' I533 ?In. 51' I II IE EW 51": ?in. I 13:1:- Fin-'7- IZITICA. LEE I: Ll'l' TSHSIHREL TD USA, F?qu'E?fr
Page 34 from Treasure Map Presentation
TSHSIHFEEL TD USA. F'v'E?t' (UIIFOUO) TREASUREMAP Workspace - (UIIFOUO) Toolbar: Offers access to a variety of commonly used func?ons - (UIIFOUO) Search Pane: Input search parameters (UIIFOUO) Advanced Search Options: Preferences for searches (UIIFOUO) Release my search to PG: Requesting traceroutes for target IP addresses - (UIIFOUO) Other Searches: Includes Router, DNS, Batch IPIMAC and JOLLYROGER Legend: Contains all of the icons and decorations as seen in an active graph - (UIIFOUO) Send Feedback: Provides a vvay to communicate questions, comments or problems to the TREASUREMAP team. w_ TEJJEWHEL TD USA,
TSHSIHFEEL TD USA. F'v'E?t' (UIIFOUO) TREASUREMAP Workspace - (UIIFOUO) Toolbar: Offers access to a variety of commonly used func?ons - (UIIFOUO) Search Pane: Input search parameters (UIIFOUO) Advanced Search Options: Preferences for searches (UIIFOUO) Release my search to PG: Requesting traceroutes for target IP addresses - (UIIFOUO) Other Searches: Includes Router, DNS, Batch IPIMAC and JOLLYROGER Legend: Contains all of the icons and decorations as seen in an active graph - (UIIFOUO) Send Feedback: Provides a vvay to communicate questions, comments or problems to the TREASUREMAP team. w_ TEJJEWHEL TD USA,
Page 35 from Treasure Map Presentation
TSJISIHREL TD USA, F'u'E?r' (UIIFOUO) TREASUREMAP Search Items IP Address Routers (UIIFOUO) DNS (FQN) MAC address 1? 802.11 BSSID 1? 802.11 SSID IP Prefix 1? Range (CIDR Notation) Registry Netblock SIGAD andr?or Case Notation (UIIFOUO) Country! IP Country Code (UIIFOUO) Autonomous System (AS) Number 10. (UIIFOUO) Free Text .
TSJISIHREL TD USA, F'u'E?r' (UIIFOUO) TREASUREMAP Search Items IP Address Routers (UIIFOUO) DNS (FQN) MAC address 1? 802.11 BSSID 1? 802.11 SSID IP Prefix 1? Range (CIDR Notation) Registry Netblock SIGAD andr?or Case Notation (UIIFOUO) Country! IP Country Code (UIIFOUO) Autonomous System (AS) Number 10. (UIIFOUO) Free Text .
Page 36 from Treasure Map Presentation
TD USA. ?It E-:t e: ?11 .1 111:1 IE- Nude.- detail u-us I I: Traceruute routing infrastructure Links I II Jr?er a mu Iii-lit 143% mummy Summary I Information "mm, mm. 21:11:: Tar-Jet ?at-2H: Tar-:b.3151 I.I- II- II IT IT TI: JEA. TD USA,
TD USA. ?It E-:t e: ?11 .1 111:1 IE- Nude.- detail u-us I I: Traceruute routing infrastructure Links I II Jr?er a mu Iii-lit 143% mummy Summary I Information "mm, mm. 21:11:: Tar-Jet ?at-2H: Tar-:b.3151 I.I- II- II IT IT TI: JEA. TD USA,
Page 37 from Treasure Map Presentation
Hui?. 53]] Elli-L?ilw-I. an. _Gu I - Emu: gm name gunman-Jana Ems. male tumm- - arr-mm Fr'hl Inlj I I qurInirm-urlj' I I'il'll'l PET. lql'llri an I1 II I'h: HpimhhlrI? imIlThI 'Ilnll'l'la-I: uni-:l 13mer :11" il'nln-Illr .TI rIIllinI: 'I'ilh lh' Inn. 'Iln. I Tm'ul? Irhh ?Jill-II 1M wnlinul ILL- l'll?ll. uni] :wu: apt-n Mumvm will: Iu 11ml?. L?usmuamu'mm IJHH: l-?JJm-?Ji' .1. ma: :5 1] hme. In: .111:- n: 111-9 g; CI: .L'i min-{Jug 112-74.- rem .111. I . 5:51 r. :t'uthcu. a: . - urtlu.r_.._ wall L: Lela?2c}. Iii-1.15. alme Lani-Lilla: mm'?n?l?un mil Lam-?- M?m Hm m?m? urI. NEH. Inn and nil: - Small text-d ueries Dunduul. mammw W's? Hun in?ammat- DDW I- 621:. 341.:3. '12! . . . . - Min-55.1.! Emmi.? tum! 5.33133: all? I .iti Hana. ?ll?llrm 13.3.. 1rd ate I 1955:]- C1 I I F: D?n'rIrnunT?nl E?j? I I mE-?fl I T-t'rlifjr i-t'rlifj: nrhnal van-m pr-i-?H I wring Til-If v?'lr'rk ninth r'f?w'i "It: . In" I 31.1. In: In I: ll ll E-IHI Ilia-wk Hz: m: Hz: urn-(Lam. -.I- 'u I: Lid. Lin'I-Trw Flt-u 'rh rmr'.? - 'trr. hm" 55?? II he]; (client: .L'd Lita-hr. 5-H: net: ml Iri?u? I 1: Ed (2-H: In?: -. . j. I, - Ll'L'rr- I T: l'uPrr .- Brim-r: Jul ~rn'm3"un'" - Ff? - bur-J.- hz- uni-e TO USA,
Hui?. 53]] Elli-L?ilw-I. an. _Gu I - Emu: gm name gunman-Jana Ems. male tumm- - arr-mm Fr'hl Inlj I I qurInirm-urlj' I I'il'll'l PET. lql'llri an I1 II I'h: HpimhhlrI? imIlThI 'Ilnll'l'la-I: uni-:l 13mer :11" il'nln-Illr .TI rIIllinI: 'I'ilh lh' Inn. 'Iln. I Tm'ul? Irhh ?Jill-II 1M wnlinul ILL- l'll?ll. uni] :wu: apt-n Mumvm will: Iu 11ml?. L?usmuamu'mm IJHH: l-?JJm-?Ji' .1. ma: :5 1] hme. In: .111:- n: 111-9 g; CI: .L'i min-{Jug 112-74.- rem .111. I . 5:51 r. :t'uthcu. a: . - urtlu.r_.._ wall L: Lela?2c}. Iii-1.15. alme Lani-Lilla: mm'?n?l?un mil Lam-?- M?m Hm m?m? urI. NEH. Inn and nil: - Small text-d ueries Dunduul. mammw W's? Hun in?ammat- DDW I- 621:. 341.:3. '12! . . . . - Min-55.1.! Emmi.? tum! 5.33133: all? I .iti Hana. ?ll?llrm 13.3.. 1rd ate I 1955:]- C1 I I F: D?n'rIrnunT?nl E?j? I I mE-?fl I T-t'rlifjr i-t'rlifj: nrhnal van-m pr-i-?H I wring Til-If v?'lr'rk ninth r'f?w'i "It: . In" I 31.1. In: In I: ll ll E-IHI Ilia-wk Hz: m: Hz: urn-(Lam. -.I- 'u I: Lid. Lin'I-Trw Flt-u 'rh rmr'.? - 'trr. hm" 55?? II he]; (client: .L'd Lita-hr. 5-H: net: ml Iri?u? I 1: Ed (2-H: In?: -. . j. I, - Ll'L'rr- I T: l'uPrr .- Brim-r: Jul ~rn'm3"un'" - Ff? - bur-J.- hz- uni-e TO USA,
Page 38 from Treasure Map Presentation
TSHSIHHEL TD USA, 4 "i . (UIIFOUO) TREASUREMAP Contact Infomm Government Lead - Customer Support Team - Email: DL
TSHSIHHEL TD USA, 4 "i . (UIIFOUO) TREASUREMAP Contact Infomm Government Lead - Customer Support Team - Email: DL