- Backdoor:EC2/DenialOfService.UdpOnTcpPorts
- Backdoor:EC2/DenialOfService.UnusualProtocol
- Impact:EC2/AbusedDomainRequest.Reputation
- Impact:EC2/BitcoinDomainRequest.Reputation
- Impact:EC2/MaliciousDomainRequest.Reputation
- Impact:EC2/SuspiciousDomainRequest.Reputation
- UnauthorizedAccess:EC2/MaliciousIPCaller.Custom
- Backdoor:EC2/C&CActivity.B: An EC2 instance is querying an IP that is associated with a known command and control server.
- UnauthorizedAccess:EC2/MetadataDNSRebind

This finding informs you that the listed EC2 instance in your AWS environment is querying an IP Address that is associated with Bitcoin or other cryptocurrency-related activity.

Bitcoin is a worldwide cryptocurrency and digital payment system that can be exchanged for other currencies, products, and

Bitcoin is a reward for bitcoin-mining and is highly sought after by

If you use this EC2 instance to mine or manage cryptocurrency, or this instance is otherwise involved in blockchain activity, this finding could be expected activity for your environment. If this is the case in your AWS environment, we recommend that you set up a suppression rule for this finding. The suppression rule should consist of two filter criteria.

should use the Finding type attribute with a value of CryptoCurrency:EC2/BitcoinTool.B.

The second filter criteria should be the Instance ID of the instance involved

To learn more about creating suppression rules see Suppression rules.

If this activity is unexpected, your instance is likely compromised, see Remediating a compromised EC2 instance.

CryptoCurrency:EC2/BitcoinTool.B!DNS

An EC2 instance is querying a domain name that is associated with cryptocurrency-related

environment is querying a domain name that is associated with Bitcoin or other