CPU/GPU Miner Network Traffic
Details
This alert title has been seen 1 time in the last 7 days across Smiths Cogwheels, Inc.
Status:
Status Reason:
None
First Activity:
2024/03/07 00:21:17 UTC (23 days ago)
Last Activity:
2024/03/09 14:29:16 UTC (21 days ago)
Inserted At:
2024/03/07 00:25:05 UTC (23 days ago)
Severity:
Medium (0.5)
Threat Score:
5.0
Tenant:
96072
Detector:
Taegis Watchlist
Tactics:
Impact
Techniques:
Sensor Types:
Confidence:
100%
Source IP Address:
172.16.23.15
Destination IP Address:
172.16.14.100
IP Address:
107.191.99.221
Hostname:
SRA-DC01
Agent/Sensor ID:
sensor_172_16_11_5
Domain:
monerohash.com
Investigations:
This alert has not been added to an investigation.
Occurrence Count:
59
Grouped by (Group Key):
96072:app:event-filter:dnsquery:26911605-7860-4597-985e-f804a67b7055:sensor_172_16_11_5:172.16.23.15:172.16.14.100:monerohash.com:2024-03-07
Affected Agents (4)
Last Updated:
2024/03/30 09:55:45 UTC
OS Distributor:
OS Family:
WINDOWS
OS Version:
10.0.14393
Tags:
Last Updated:
2024/03/30 09:18:11 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
WindowsServer2019
Most Recent Address:
172.16.23.15
Last Updated:
2023/07/10 22:50:22 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
WindowsServer2019
Most Recent Address:
172.16.23.15
Last Updated:
2022/08/18 17:51:50 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
VERSION_SERVER_2016
Most Recent Address:
172.16.14.100
Tags:
Open alerts (0) for Related Entities
Open alerts within past 72 hours from alert creation: NO DATA
Agent/Sensor ID (sensor_172_16_11_5)
0
Destination IP Address (172.16.14.100)
0
Domain (monerohash.com)
0
Hostname (SRA-DC01)
0
IP Address (107.191.99.221)
0
Similar Alert Titles based on Rule ID (26911605-7860-4597-985e-f804a67b7055)
0
Source IP Address (172.16.23.15)
0
Closed alerts (1636) for Related Entities
Closed alerts within past 30 days from alert creation
Agent/Sensor ID (sensor_172_16_11_5)
1.6k
Destination IP Address (172.16.14.100)
9
Domain (monerohash.com)
8
Hostname (SRA-DC01)
9
IP Address (107.191.99.221)
30
Similar Alert Titles based on Rule ID (26911605-7860-4597-985e-f804a67b7055)
7
Source IP Address (172.16.23.15)
14
Open or closed investigations (19) for Related Entities
Open or closed investigations within past 30 days
DNS Server (ip_address:172.16.14.100)
5
Domain Name (monerohash.com)
7
IP Addresses (172.16.23.15 +1 more)
7
A network event (here a DNS A-record query for monerohash.com, answered with 107.191.99.221) involving a domain associated with the open-source CPU/GPU miner XMRig was identified. This activity may indicate that the querying host (172.16.23.15) has been compromised.
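As an added example (not Taegis code and not this detector's own logic), the Python below shows the shape of the match described above: a watchlist of mining-pool domains run over DNS query records, with suffix matching so that a query for a pool subdomain also fires, normalization of case and the trailing dot, and grouping by tenant, rule, sensor, source, destination, matched domain and day in the same form as the Group Key on this alert. The log lines and their field names are constructed for the example; the tenant, rule ID, sensor, addresses and domain are taken from this alert.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Watchlist of mining-pool domains. monerohash.com is the domain this alert
# matched; a production watchlist would carry many more entries.
MINER_POOL_WATCHLIST = {"monerohash.com"}

# Constructed sample DNS query records (JSON lines). Field names are an
# assumption; values mirror the first event on this alert plus benign,
# subdomain and look-alike queries that exercise the matcher.
SAMPLE_DNS_LOG = """\
{"ts": "2024-03-07T00:21:17Z", "sensor_id": "sensor_172_16_11_5", "src_ip": "172.16.23.15", "dst_ip": "172.16.14.100", "qname": "monerohash.com", "qtype": "A", "responses": ["107.191.99.221"]}
{"ts": "2024-03-07T00:21:30Z", "sensor_id": "sensor_172_16_11_5", "src_ip": "172.16.23.15", "dst_ip": "172.16.14.100", "qname": "MoneroHash.com.", "qtype": "A", "responses": ["107.191.99.221"]}
{"ts": "2024-03-07T00:21:41Z", "sensor_id": "sensor_172_16_11_5", "src_ip": "172.16.23.15", "dst_ip": "172.16.14.100", "qname": "www.example.com", "qtype": "A", "responses": ["93.184.216.34"]}
{"ts": "2024-03-07T00:21:55Z", "sensor_id": "sensor_172_16_11_5", "src_ip": "172.16.23.15", "dst_ip": "172.16.14.100", "qname": "monerohash.com.lookalike.test", "qtype": "A", "responses": []}
{"ts": "2024-03-07T00:22:10Z", "sensor_id": "sensor_172_16_11_5", "src_ip": "172.16.23.15", "dst_ip": "172.16.14.100", "qname": "pool.monerohash.com", "qtype": "A", "responses": ["107.191.99.221"]}
"""


def normalize_qname(name):
    """Lower-case and drop the trailing dot so 'MoneroHash.com.' equals 'monerohash.com'."""
    return name.rstrip(".").lower()


def matching_watchlist_entry(qname, watchlist=MINER_POOL_WATCHLIST):
    """Return the watchlist entry that qname equals or is a subdomain of, else None.

    Walks parent suffixes (pool.monerohash.com -> monerohash.com) but never the
    bare TLD, and never matches a watchlisted name that only appears as a
    prefix (monerohash.com.lookalike.test is not a hit).
    """
    labels = normalize_qname(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def load_events(jsonl):
    """Parse JSON-lines DNS records into dicts."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def group_key(ev, matched, tenant, rule_id):
    """Build a key in the same shape as the alert's Group Key field (one per day)."""
    day = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").strftime("%Y-%m-%d")
    return ":".join([tenant, "app", "event-filter", "dnsquery", rule_id,
                     ev["sensor_id"], ev["src_ip"], ev["dst_ip"], matched, day])


def detect(events, watchlist=MINER_POOL_WATCHLIST,
           tenant="96072", rule_id="26911605-7860-4597-985e-f804a67b7055"):
    """Run the watchlist over DNS events.

    Returns (occurrence count per group key, set of resolved addresses per key);
    the count is what the alert reports as Occurrence Count.
    """
    hits = Counter()
    resolved = defaultdict(set)
    for ev in events:
        matched = matching_watchlist_entry(ev["qname"], watchlist)
        if matched is None:
            continue
        key = group_key(ev, matched, tenant, rule_id)
        hits[key] += 1
        resolved[key].update(ev.get("responses", []))
    return hits, dict(resolved)


if __name__ == "__main__":
    hits, resolved = detect(load_events(SAMPLE_DNS_LOG))
    for key, n in hits.items():
        print(f"{n:>3} x {key} -> {sorted(resolved[key])}")
```

The match only establishes that the source address asked for a known pool domain. The resolved address is the natural pivot: look for connections from the querying host to it in netflow or proxy data, and for a miner process on the host itself. If the source address is itself a DNS server or forwarder, the query may have been relayed on behalf of another client, and that server's own DNS logs are needed to find the true origin.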
External References
No external references for this alert.
First Event Details
First of 60 events shown; the remaining events are on the Events tab.
DNS
Event Time:
2024/03/07 00:21:17 UTC · 23 days ago
Ingest Time:
2024/03/07 00:24:53 UTC · 23 days ago
Query Name:
monerohash.com
Query Class:
IN: Internet
Query Type:
A: Address record RFC-1035
Responses:
107.191.99.221
Sensor ID:
sensor_172_16_11_5
Tenant:
(96072)
WHOIS (1)
Domain Name:
monerohash.com
Admin Name:
WhoisAgent