Possible Container Miner related artifacts detected

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Query uses syslog data to alert on artifacts from container images used in digital cryptocurrency mining, often seen post Log4j vulnerability (CVE-2021-44228) exploitation.

Attribute	Value
Type	Hunting Query
Solution	Apache Log4j Vulnerability Detection
ID	6fee32b3-3271-4a3f-9b01-dbd9432a1707
Tactics	Impact, Execution
Techniques	T1496, T1203
Required Connectors	Syslog
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
Syslog	Facility == "user" SyslogMessage has "AUOMS_EXECVE"	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Apache Log4j Vulnerability Detection