
DNS lookup for cryptocurrency mining pool

Classification: attack

Tactic:

Technique:


Goal

Attackers often use compromised cloud infrastructure to mine cryptocurrency.

Strategy

Detect when a process performs a DNS lookup for a domain related to cryptomining.
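The matching step behind this strategy, as an added example that is not Datadog's rule logic: it checks DNS question names against a watchlist on label boundaries after normalizing case and the trailing root dot. The watchlist entries are placeholder `.example` names and the events are constructed; only the field names `process.executable.name` and `dns.question.name` come from this page.

```python
# Added example: not Datadog's rule logic. Watchlist entries use reserved
# .example names as placeholders for real mining pool domains.
POOL_SUFFIXES = {"pool.miner.example", "stratum.example"}

# Constructed events using the two fields the rule message references.
SAMPLE_EVENTS = [
    {"process.executable.name": "kworkerd", "dns.question.name": "EU.Pool.Miner.Example."},
    {"process.executable.name": "curl", "dns.question.name": "notstratum.example"},
    {"process.executable.name": "xm", "dns.question.name": "stratum.example"},
    {"process.executable.name": "nginx", "dns.question.name": "pool.miner.example.cdn.test"},
]


def normalize(qname):
    """Lowercase and drop the root dot so FQDN and relative forms compare equal."""
    return qname.strip().lower().rstrip(".")


def matched_suffix(qname, suffixes=POOL_SUFFIXES):
    """Return the watchlist entry that qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes only, so "notstratum.example" does not
    # match "stratum.example" the way a plain endswith() check would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None


def detect(events, suffixes=POOL_SUFFIXES):
    """Return one alert string per event whose DNS question hits the watchlist."""
    alerts = []
    for ev in events:
        qname = ev.get("dns.question.name", "")
        hit = matched_suffix(qname, suffixes)
        if hit:
            proc = ev.get("process.executable.name", "unknown")
            alerts.append(
                f"{proc} performed a DNS lookup for {normalize(qname)} "
                f"(watchlist entry: {hit})"
            )
    return alerts


if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

Matching on whole labels keeps lookalike names such as `notstratum.example` and names that merely embed a watchlist entry as a prefix from raising alerts.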

Triage and response

{{@process.executable.name}} performed a DNS lookup for {{@dns.question.name}}

  1. Contain the host or container and roll back to a known good configuration.
  2. Review the process tree and determine the initial entry point.

Requires Agent version 7.36 or greater