Crypto Miner: [ 207.148.17.158 ]

This alert is triggered when a device in the monitored network communicates with the IP address listed in the title, which is associated with cryptocurrency mining (typically a mining pool or proxy endpoint).

ID Number

4000467

Signature

alert tcp any any <> 207.148.17.158 any (msg:"Crypto Miner: [ 207.148.17.158 ]"; rev:1; sid:4000467;)

MITRE ATT&CK Technique

T1496: Resource Hijacking

Severity

High

Recommendations/Investigative actions

It is recommended to block all communication to this IP address and to identify the internal device(s) communicating with it. Because the signature matches in both directions (<>), the internal host may appear as either the source or the destination of the alert. Investigate the nature of the traffic (mining pool protocols commonly use ports such as 3333 or 14444, but any port may be used) and the software or processes responsible for it.
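As an added example (not part of this alert entry or of the IDS vendor's tooling), the following Python script shows one way to carry out the investigative step above: it reads Suricata EVE JSON alert records, keeps only those for sid 4000467, and works out which internal host was talking to 207.148.17.158 regardless of which side of the connection the miner IP appears on. The EVE field names are the standard Suricata ones; the sample alert lines are constructed for the example and are not real captured data.

```python
import ipaddress
import json

MINER_IP = "207.148.17.158"   # IP from this alert's signature
MINER_SID = 4000467           # sid from this alert's signature


def _eve(ts, src_ip, src_port, dst_ip, dst_port, sid, event_type="alert"):
    """Build one constructed EVE JSON line in Suricata's layout (sample data only)."""
    rec = {"timestamp": ts, "event_type": event_type, "proto": "TCP",
           "src_ip": src_ip, "src_port": src_port,
           "dest_ip": dst_ip, "dest_port": dst_port}
    if event_type == "alert":
        rec["alert"] = {"signature_id": sid, "rev": 1, "severity": 1,
                        "signature": f"Crypto Miner: [ {MINER_IP} ]"}
    return json.dumps(rec)


# Constructed sample log: two directions for one host, a second host, an unrelated
# alert, a non-alert flow record and a corrupt line that must not abort triage.
SAMPLE_EVE_LINES = [
    _eve("2024-01-01T10:00:01.000000+0000", "10.0.0.15", 49211, MINER_IP, 3333, MINER_SID),
    _eve("2024-01-01T10:00:05.000000+0000", MINER_IP, 3333, "10.0.0.15", 49211, MINER_SID),
    _eve("2024-01-01T10:02:00.000000+0000", "10.0.0.42", 51000, MINER_IP, 14444, MINER_SID),
    _eve("2024-01-01T10:03:00.000000+0000", "10.0.0.99", 52000, "8.8.8.8", 53, 2000000),
    _eve("2024-01-01T10:04:00.000000+0000", "10.0.0.7", 53000, MINER_IP, 3333, MINER_SID,
         event_type="flow"),
    "this line is not json",
]


def triage_miner_alerts(lines, miner_ip=MINER_IP, sid=MINER_SID):
    """Map each internal host to its alert count, first/last timestamp and remote ports.

    The rule is bidirectional, so the miner IP can be src_ip or dest_ip; the other
    side of the record is taken as the internal host. Timestamps are compared as
    strings, which is valid because Suricata emits a fixed ISO 8601 layout.
    """
    hosts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip corrupt lines instead of aborting the whole triage
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature_id") != sid:
            continue
        if ev.get("src_ip") == miner_ip:
            internal, remote_port = ev.get("dest_ip"), ev.get("src_port")
        elif ev.get("dest_ip") == miner_ip:
            internal, remote_port = ev.get("src_ip"), ev.get("dest_port")
        else:
            continue
        try:
            is_private = ipaddress.ip_address(internal).is_private
        except ValueError:
            continue  # unparsable address: nothing to attribute
        ts = ev.get("timestamp", "")
        entry = hosts.setdefault(internal, {"count": 0, "first": ts, "last": ts,
                                            "remote_ports": set(),
                                            "rfc1918": is_private})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["remote_ports"].add(remote_port)
    return hosts


def format_report(hosts):
    """Render the triage result, busiest host first, as plain text for an analyst."""
    rows = sorted(hosts.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    out = [f"Internal hosts observed talking to {MINER_IP} (sid {MINER_SID}):"]
    for host, info in rows:
        ports = ",".join(str(p) for p in sorted(info["remote_ports"]))
        scope = "private" if info["rfc1918"] else "NON-PRIVATE (check attribution)"
        out.append(f"  {host:<15} alerts={info['count']} ports={ports} "
                   f"first={info['first']} last={info['last']} [{scope}]")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage_miner_alerts(SAMPLE_EVE_LINES)))
```

To run it against a real deployment, replace SAMPLE_EVE_LINES with the lines of eve.json (for example `open("/var/log/suricata/eve.json")`); the output gives the host list needed before blocking the IP at the perimeter and pulling process and persistence data from each affected endpoint.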