Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules | Cloud
Detector Tags | Kubernetes - API
ATT&CK Tactic |
ATT&CK Technique |
Severity | High
Description
A cloud API was called from a Tor exit node.
Attacker's Goals
Conceal information about malicious activities, such as location and network usage.
Investigative actions
Block all web traffic to and from public Tor entry and exit nodes.
Variations
Suspicious Kubernetes API call from a Tor exit node
A Failed API call from a Tor exit node
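The check described above can be sketched over Kubernetes audit log lines. This is an added example, not the product's detector logic. The Tor exit list, the sample events, the variation labels, the status-code rule for the failed variation, and the deduplication key are all assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed stand-in for a Tor exit list (RFC 5737 documentation addresses).
TOR_EXITS = {"203.0.113.7", "198.51.100.23"}
DEDUP = timedelta(days=1)  # Deduplication Period from the synopsis

def event(ts, user, ip, code):
    """Build one constructed audit.k8s.io/v1 event as a JSON line."""
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "verb": "get",
        "requestURI": "/api/v1/namespaces/default/secrets",
        "user": {"username": user}, "sourceIPs": [ip],
        "responseStatus": {"code": code},
        "requestReceivedTimestamp": ts,
    })

SAMPLE_LOG = [  # constructed sample input
    event("2024-05-01T10:00:00.000000Z", "admin", "203.0.113.7", 200),
    event("2024-05-01T10:05:00.000000Z", "system:anonymous", "198.51.100.23", 403),
    event("2024-05-01T10:10:00.000000Z", "dev", "192.0.2.10", 200),
    event("2024-05-01T12:00:00.000000Z", "admin", "203.0.113.7", 200),
    event("2024-05-02T11:00:00.000000Z", "admin", "203.0.113.7", 200),
]

def detect(lines, tor_exits=TOR_EXITS, dedup=DEDUP):
    """Return alerts for audit events whose sourceIPs include a Tor exit."""
    last_alert, alerts = {}, []
    for line in lines:
        ev = json.loads(line)
        if ev.get("stage") != "ResponseComplete":
            continue  # avoid counting one request once per audit stage
        hits = sorted(tor_exits.intersection(ev.get("sourceIPs", [])))
        if not hits:
            continue
        code = ev.get("responseStatus", {}).get("code", 0)
        # Assumption: HTTP status >= 400 maps to the "failed" variation.
        variation = "failed_api_call" if code >= 400 else "k8s_api_call"
        ts = datetime.fromisoformat(
            ev["requestReceivedTimestamp"].replace("Z", "+00:00"))
        # Assumption: dedup key is (user, exit IP, variation).
        key = (ev["user"]["username"], hits[0], variation)
        if key in last_alert and ts - last_alert[key] < dedup:
            continue
        last_alert[key] = ts
        alerts.append({"time": ts.isoformat(), "user": key[0],
                       "source_ip": hits[0], "variation": variation,
                       "severity": "High"})
    return alerts
```

`sourceIPs` can also list intermediate proxies, so behind a load balancer the Tor address may not be the first entry; the set intersection checks every entry.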