Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags | Kubernetes - AGENT
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A network connection was attempted to a suspected crypto miner related domain.
Attacker's Goals
Validate transactions on cryptocurrency networks and earn virtual currency.
Investigative actions
Block all network traffic to known crypto miner related domains.
Variations
Suspicious network traffic to a crypto miner related domain from within a Kubernetes pod
Suspicious network traffic to a crypto miner related domain
Suspicious DNS traffic to a crypto miner related domain from within a Kubernetes pod
Suspicious DNS traffic to a crypto miner related domain