CPU/GPU Miner Network Traffic

Details

This alert title has been seen once in the last 7 days across Smiths Cogwheels, Inc.

Status:
Status Reason:
None
First Activity:
2024/03/07 00:21:17 UTC (23 days ago)
Last Activity:
2024/03/09 14:29:16 UTC (21 days ago)
Inserted At:
2024/03/07 00:25:05 UTC (23 days ago)
Severity:
Medium (0.5)
Threat Score:
5.0
Tenant:
Smiths Cogwheels, Inc. (96072)
Detector:
Taegis Watchlist
Tactics:
Impact
Sensor Types:
Corelight
Confidence:
100%
Source IP Address:
Destination IP Address:
IP Address:
Hostname:
Agent/Sensor ID:
Domain:
Investigations:
This alert has not been added to an investigation.
Occurrence Count:
59
Grouped by (Group Key):
96072:app:event-filter:dnsquery:26911605-7860-4597-985e-f804a67b7055:sensor_172_16_11_5:172.16.23.15:172.16.14.100:monerohash.com:2024-03-07

Affected Agents (4)

Last Updated:
2024/03/30 09:55:45 UTC
OS Distributor:
OS Family:
WINDOWS
OS Version:
10.0.14393
Tags:
PRA:CRITICAL_NO_RESPONSE, ROLE:DC, TestTag:JP
Last Updated:
2024/03/30 09:18:11 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
WindowsServer2019
Most Recent Address:
172.16.23.15 
Last Updated:
2023/07/10 22:50:22 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
WindowsServer2019
Most Recent Address:
172.16.23.15 
Last Updated:
2022/08/18 17:51:50 UTC
OS Distributor:
Microsoft
OS Family:
WINDOWS
OS Version:
VERSION_SERVER_2016
Most Recent Address:
172.16.14.100 
Tags:
TAG_YOUR_IT:PTisolation_test:DomainController:VIP:

Open alerts (0) for Related Entities

Open alerts within past 72 hours from alert creation: NO DATA
Agent/Sensor ID (sensor_172_16_11_5): 0
Destination IP Address (172.16.14.100): 0
Domain (monerohash.com): 0
Hostname (SRA-DC01): 0
IP Address (107.191.99.221): 0
Similar Alert Titles based on Rule ID (26911605-7860-4597-985e-f804a67b7055): 0
Source IP Address (172.16.23.15): 0

Closed alerts (1636) for Related Entities

Closed alerts within past 30 days from alert creation, by close reason (column totals: Not Actionable 19, True Positive Malicious 79, Suppressed 1.5k)

Entity                                                                        Not Actionable  True Positive Malicious  Suppressed  Total
Agent/Sensor ID (sensor_172_16_11_5)                                          7               26                       1.5k        1.6k
Destination IP Address (172.16.14.100)                                        3               6                        0           9
Domain (monerohash.com)                                                       1               7                        0           8
Hostname (SRA-DC01)                                                           3               6                        0           9
IP Address (107.191.99.221)                                                   5               25                       0           30
Similar Alert Titles based on Rule ID (26911605-7860-4597-985e-f804a67b7055)  1               6                        0           7
Source IP Address (172.16.23.15)                                              5               9                        0           14

Open or closed investigations (19) for Related Entities

Open or closed investigations within past 30 days
DNS Server (ip_address:172.16.14.100): 5
Domain Name (monerohash.com): 7
IP Addresses (172.16.23.15 +1 more): 7
Alert Description
Counter Threat Unit™
A netflow event associated with the open source CPU/GPU miner XMRig was identified. This activity may indicate that the host has been compromised.

For this occurrence the matching events are not flow records but Corelight DNS query logs (group key event-filter:dnsquery, rule 26911605-7860-4597-985e-f804a67b7055): 172.16.23.15, a Windows Server 2019 agent, resolved monerohash.com, a Monero mining pool domain, through the internal DNS server 172.16.14.100 and received 107.191.99.221. A lookup shows that something on the source host asked for the pool, not that mining traffic followed, so before closing this as True Positive Malicious confirm it on 172.16.23.15: an xmrig (or renamed) process with sustained CPU use, and outbound connections from that host to 107.191.99.221 in the Corelight conn logs. The 79 earlier True Positive Malicious closures on these entities and the PTisolation_test tag on the 172.16.14.100 agent both deserve a look, since the same watchlist fires on a test lookup as readily as on a miner.

External References

First Event Details

Showing the first of 60 events.

DNS
Event Time:
2024/03/07 00:21:17 UTC · 23 days ago
Ingest Time:
2024/03/07 00:24:53 UTC · 23 days ago
Query Name:
monerohash.com
Query Class:
IN: Internet
Query Type:
A: Address record RFC-1035
Responses:
107.191.99.221
Sensor ID:
sensor_172_16_11_5
Tenant:
(96072)
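The DNS record above is the whole input this kind of watchlist detector works from. The following is an added example, not Taegis, Corelight or CTU code: it normalises each query name from Zeek/Corelight-style JSON dns.log lines, matches it against a watchlist of mining-pool domains (only monerohash.com comes from this page; the other two entries, the sample log lines, and the function names are assumptions), and groups hits under a key shaped like this alert's Group Key so that repeated lookups from one source on one day collapse into a single occurrence count, as they do on this page.

```python
"""Watchlist matching over Zeek/Corelight dns.log records.

Added example; this is not Taegis, Corelight or CTU code. It shows the kind
of logic behind a DNS watchlist alert like the one on this page: normalise
each query name, match it against a list of mining-pool domains, and group
the hits under a key shaped like the page's Group Key
(tenant:app:event-filter:dnsquery:rule:sensor:src:dst:domain:day).
The log lines below are constructed; only the first mirrors the page's event.
"""
import json
from datetime import datetime, timezone

# Identifiers copied from the alert on this page.
TENANT = "96072"
RULE_ID = "26911605-7860-4597-985e-f804a67b7055"
SENSOR_ID = "sensor_172_16_11_5"

# monerohash.com is the domain from the page; the other entries are assumed
# watchlist members added for illustration.
MINER_POOL_WATCHLIST = {"monerohash.com", "pool.minexmr.com", "xmr.nanopool.org"}

# Constructed Zeek-style JSON dns.log lines. ts 1709770877 is
# 2024-03-07 00:21:17 UTC, the time of the page's first event.
SAMPLE_DNS_LOG = """\
{"ts":1709770877.0,"id.orig_h":"172.16.23.15","id.resp_h":"172.16.14.100","query":"monerohash.com","qtype_name":"A","answers":["107.191.99.221"]}
{"ts":1709770937.0,"id.orig_h":"172.16.23.15","id.resp_h":"172.16.14.100","query":"MoneroHash.com.","qtype_name":"A","answers":["107.191.99.221"]}
{"ts":1709770997.0,"id.orig_h":"172.16.23.15","id.resp_h":"172.16.14.100","query":"us.monerohash.com","qtype_name":"A","answers":["107.191.99.221"]}
{"ts":1709771057.0,"id.orig_h":"172.16.23.15","id.resp_h":"172.16.14.100","query":"notmonerohash.com","qtype_name":"A","answers":["203.0.113.7"]}
{"ts":1709771117.0,"id.orig_h":"172.16.23.16","id.resp_h":"172.16.14.100","query":"www.example.com","qtype_name":"A","answers":["93.184.216.34"]}
"""


def normalize_query(name):
    """Lower-case and strip the trailing dot so 'MoneroHash.com.' equals 'monerohash.com'."""
    return name.rstrip(".").lower()


def watchlist_hit(query, watchlist=MINER_POOL_WATCHLIST):
    """Return the watchlist domain matched by `query`, or None.

    Matches the domain itself or any subdomain of it (us.monerohash.com),
    but not a lookalike that merely ends in the same characters
    (notmonerohash.com), which a naive endswith() check would accept.
    """
    labels = normalize_query(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def group_key(rec, matched, sensor_id=SENSOR_ID):
    """Build a key in the shape of the page's Group Key: one group per src/dst/domain/day."""
    day = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).strftime("%Y-%m-%d")
    return ":".join([TENANT, "app", "event-filter", "dnsquery", RULE_ID, sensor_id,
                     rec["id.orig_h"], rec["id.resp_h"], matched, day])


def detect(log_text, sensor_id=SENSOR_ID):
    """Run the watchlist over dns.log lines; return {group_key: {count, answers, first_ts}}."""
    groups = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        matched = watchlist_hit(rec.get("query", ""))
        if matched is None:
            continue
        key = group_key(rec, matched, sensor_id)
        g = groups.setdefault(key, {"count": 0, "answers": set(), "first_ts": rec["ts"]})
        g["count"] += 1                                  # occurrence count for this group
        g["answers"].update(rec.get("answers", []))      # resolved pool IPs, the pivot for a flow search
    return groups


if __name__ == "__main__":
    for key, g in detect(SAMPLE_DNS_LOG).items():
        first = datetime.fromtimestamp(g["first_ts"], tz=timezone.utc)
        print(f"{key}\n  occurrences={g['count']} first={first:%Y/%m/%d %H:%M:%S} UTC "
              f"answers={sorted(g['answers'])}")
```

On the constructed input the three lookups from 172.16.23.15 collapse into one group with the same key shape as this alert, the lookalike and the unrelated host are ignored, and the collected answer set (107.191.99.221) is the value to pivot on next: a conn-log search for that destination from the source host is what turns "the host asked for the pool" into "the host talked to the pool".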

WHOIS (1)

Domain Name:
monerohash.com
Admin Name:
WhoisAgent