EXPLORE
Sign In
← Back to Explore
T1496

Resource Hijacking

Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. Resource hijacking may take a number of different forms. For example, adversaries may: * Leverage compute resources in order to mine cryptocurrency * Sell network bandwidth to proxy networks * Generate SMS traffic for profit * Abuse cloud-based messaging services to send large quantities of spam messages In some cases, adversaries may le...

WindowsIaaSLinuxmacOSContainersSaaS
20
Detections
2
Sources
0
Threat Actors

BY SOURCE

13sigma7elastic

PROCEDURES (16)

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Cloud Monitoring2 detections

Auto-extracted: 2 detections for cloud monitoring

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Azure1 detections

Auto-extracted: 1 detections for azure

Azure1 detections

Auto-extracted: 1 detections for azure

Kubernetes1 detections

Auto-extracted: 1 detections for kubernetes

Service1 detections

Auto-extracted: 1 detections for service

Dns1 detections

Auto-extracted: 1 detections for dns

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Dns1 detections

Auto-extracted: 1 detections for dns

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Email1 detections

Auto-extracted: 1 detections for email

Service1 detections

Auto-extracted: 1 detections for service

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Email1 detections

Auto-extracted: 1 detections for email

DETECTIONS (20)

AWS SNS Rare Protocol Subscription by User
elasticlow
AWS SNS Topic Created by Rare User
elasticlow
AWS SNS Topic Message Publish by Rare User
elasticmedium
Azure Container Registry Created or Deleted
sigmalow
Azure Kubernetes Cluster Created or Deleted
sigmalow
Azure Kubernetes Network Policy Change
sigmamedium
Azure Kubernetes RoleBinding/ClusterRoleBinding Modified and Deleted
sigmamedium
Azure Kubernetes Secret or Config Object Access
sigmamedium
Azure Kubernetes Sensitive Role Access
sigmamedium
Azure Kubernetes Service Account Modified or Deleted
sigmamedium
DNS Events Related To Mining Pools
sigmalow
Linux Crypto Mining Indicators
sigmahigh
Linux Crypto Mining Pool Connections
sigmahigh
Memory Swap Modification
elasticmedium
Monero Crypto Coin Mining Pool Lookup
sigmahigh
Network Communication With Crypto Mining Pool
sigmahigh
Newly Observed Process Exhibiting High CPU Usage
elastichigh
Potential Crypto Mining Activity
sigmahigh
Potential Malware-Driven SSH Brute Force Attempt
elasticmedium
Suspicious Mining Process Creation Event
elasticmedium