Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 30 Minutes |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
An identity allocated an unusual pool of compute resources, which is suspected to be mining activity.
Attacker's Goals
Leverage cloud compute resources to earn virtual currency.
Investigative actions
- Check the resources the identity created and whether they are legitimate.
- Look for any unusual behavior originating from the suspected identity, and check whether it is compromised, e.g. access key, service account, etc.
Variations
Unusual allocation of compute resources in multiple regions
Suspicious allocation of compute resources in multiple regions
Allocation of compute resources in a high number of regions