Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 30 Minutes |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
An identity allocated an unusual pool of compute resources, which is suspected to be mining activity.
Attacker's Goals
Leverage cloud compute resources to earn virtual currency.
Investigative actions
- Check the resources that the identity created and whether the allocation is legitimate.
- Look for any unusual behavior originating from the suspected identity, and check whether its credentials are compromised (e.g., access key, service account).
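A triage sketch for the first investigative action, added here as an example (it is not the detector's own logic): it lists, per identity, the regions that received compute allocations during the test window but never appeared in that identity's baseline. The event tuple layout, identity names, instance type labels and the `min_new_regions` threshold are constructed assumptions; only the 30-day and 30-minute windows come from the synopsis.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TRAINING = timedelta(days=30)   # baseline window (synopsis: Training Period)
TEST = timedelta(minutes=30)    # window under review (synopsis: Test Period)

# Constructed sample events: (time, identity, region, instance type, count).
EVENTS = [
    ("2024-05-02T09:00:00", "svc-build", "us-east-1", "general-small", 2),
    ("2024-05-20T09:00:00", "svc-build", "us-east-1", "general-small", 2),
    ("2024-05-30T11:50:00", "svc-build", "us-east-1", "general-small", 2),
    ("2024-05-11T14:00:00", "dev-key-7", "eu-west-1", "general-small", 1),
    ("2024-05-30T11:41:00", "dev-key-7", "ap-southeast-1", "gpu-large", 8),
    ("2024-05-30T11:43:00", "dev-key-7", "sa-east-1", "gpu-large", 8),
    ("2024-05-30T11:46:00", "dev-key-7", "us-west-2", "gpu-large", 8),
    ("2024-05-30T11:55:00", "tmp-user", "eu-west-1", "gpu-large", 4),
    ("2024-05-30T11:56:00", "tmp-user", "eu-north-1", "gpu-large", 4),
]

def triage(events, now, min_new_regions=2):
    """Summarise identities that allocated compute in regions outside their baseline."""
    baseline = defaultdict(set)                     # identity -> regions seen in training window
    recent = defaultdict(lambda: defaultdict(int))  # identity -> region -> instance count
    types = defaultdict(set)                        # identity -> instance types in test window
    for ts, identity, region, itype, count in events:
        age = now - datetime.fromisoformat(ts)
        if timedelta(0) <= age <= TEST:
            recent[identity][region] += count
            types[identity].add(itype)
        elif TEST < age <= TRAINING:
            baseline[identity].add(region)
    findings = {}
    for identity, regions in recent.items():
        new_regions = sorted(set(regions) - baseline[identity])
        if len(new_regions) >= min_new_regions:     # hypothetical threshold
            findings[identity] = {
                "new_regions": new_regions,
                "instances": sum(regions[r] for r in new_regions),
                "instance_types": sorted(types[identity]),
                "no_baseline": not baseline[identity],
            }
    return findings

if __name__ == "__main__":
    for identity, summary in triage(EVENTS, datetime(2024, 5, 30, 12, 0)).items():
        print(identity, summary)
```

An identity with `no_baseline` set has no allocation history in the training window at all, which is worth checking first when deciding whether a key or service account is compromised.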
Variations
Abnormal Unusual allocation of compute resources in multiple regions
Abnormal Suspicious allocation of compute resources in multiple regions
Abnormal Allocation of compute resources in a high number of regions
Abnormal Allocation of compute resources in multiple regions by an unusual identity