Network traffic to a crypto miner related domain detected

Cortex XDR Analytics Alert Reference by Alert name

Product
Cortex XDR
Last date published
2024-10-08
Category
Analytics Alert Reference
Order
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

1 Day

Required Data

  • Requires:
    • XDR Agent

Detection Modules

Detector Tags

Kubernetes - AGENT

ATT&CK Tactic

Impact (TA0040)

ATT&CK Technique

Resource Hijacking (T1496)

Severity

Informational

Description

A network connection attempt was performed to a suspected crypto miner related domain.

Attacker's Goals

Validate transactions on cryptocurrency networks and earn virtual currency.

Investigative actions

Block all network traffic to known crypto miners related domain.

Variations

Suspicious network traffic to a crypto miner related domain from within a Kubernetes pod

Synopsis

ATT&CK Tactic

Impact (TA0040)

ATT&CK Technique

Resource Hijacking (T1496)

Severity

Medium

Description

A network connection was established to a suspected crypto miner related domain from within a Kubernetes Pod.

Attacker's Goals

Validate transactions on cryptocurrency networks and earn virtual currency.

Investigative actions

Block all network traffic to known crypto miners related domain.


Suspicious network traffic to a crypto miner related domain

Synopsis

ATT&CK Tactic

Impact (TA0040)

ATT&CK Technique

Resource Hijacking (T1496)

Severity

Low

Description

A network connection was established to a suspected crypto miner related domain.

Attacker's Goals

Validate transactions on cryptocurrency networks and earn virtual currency.

Investigative actions

Block all network traffic to known crypto miners related domain.


Suspicious DNS traffic to a crypto miner related domain from within a Kubernetes pod

Synopsis

ATT&CK Tactic

Impact (TA0040)

ATT&CK Technique

Resource Hijacking (T1496)

Severity

Low

Description

A DNS query was established to a suspected crypto miner related domain from within a Kubernetes Pod.

Attacker's Goals

Validate transactions on cryptocurrency networks and earn virtual currency.

Investigative actions

Block all network traffic to known crypto miners related domain.


Suspicious DNS traffic to a crypto miner related domain

Synopsis

ATT&CK Tactic

Impact (TA0040)

ATT&CK Technique

Resource Hijacking (T1496)

Severity

Low

Description

A DNS query attempt was performed to a suspected crypto miner related domain.

Attacker's Goals

Validate transactions on cryptocurrency networks and earn virtual currency.

Investigative actions

Block all network traffic to known crypto miners related domain.