Connection to cryptomining pool

Classification:

attack

Tactic:

TA0040-impact

Technique:

T1496-resource-hijacking

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when a resource connects to a known cryptocurrency mining pool.

Strategy

This detection enriches network flow data with threat intelligence and alerts when a destination domain is categorized as a mining pool.

Triage and response

  1. Use host metrics to verify if a spike in CPU usage occurred. If it did, determine the responsible process.
  2. Isolate the workload, preserving it for analysis.
  3. Determine the initial entry point using related signals and relevant logs.
  4. Find and repair the root cause of the incident.

This detection is based on data from Cloud Network Monitoring.

PREVIEWING: drodriguezhdez/add_public_docs_log_summarization