bitcoin_node_internal_external

Explanation

The bitcoin_node_internal_external event monitors network traffic for possible Bitcoin mining activity. Bitcoin mining is the process of verifying transactions on the Bitcoin blockchain by solving complex mathematical problems, and is typically done using specialized equipment and software. This event looks for signs of mining activity on the network, which may indicate that an attacker has compromised a system or network to mine Bitcoin.

What to Look For

When reviewing the results of the bitcoin_node_internal_external event, look for traffic patterns that suggest Bitcoin mining activity, such as a large amount of traffic to Bitcoin mining pools or traffic that uses the Stratum mining protocol. Also examine individual endpoints for signs of Bitcoin mining software or high CPU usage, which may indicate that a system is being used to mine Bitcoin. If you identify Bitcoin mining on your network, identify and remediate any compromised systems or networks.
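
One way to triage flows for the Stratum indicator mentioned above, as an added example (not the product's own detection logic). The flow record layout, the internal address ranges and the sample flows are assumptions constructed for illustration; the method names are the standard Stratum v1 client calls.

```python
import ipaddress
import json

# Assumption: RFC 1918 space is "internal"; substitute your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Stratum v1 JSON-RPC methods that a miner sends to a pool.
CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def stratum_methods(payload):
    """Return Stratum client methods in a newline-delimited JSON payload."""
    found = []
    for line in payload.split(b"\n"):
        if not line.lstrip().startswith(b"{"):
            continue  # not a JSON object (TLS, HTTP, binary data)
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # truncated or malformed JSON
        method = msg.get("method")
        if isinstance(method, str) and method in CLIENT_METHODS:
            found.append(method)
    return found

def find_mining_flows(flows):
    """Flag internal-to-external flows that carry Stratum client messages."""
    alerts = []
    for f in flows:
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue  # only internal -> external traffic is of interest
        methods = stratum_methods(f["payload"])
        if methods:
            alerts.append({"src": f["src"], "dst": f["dst"], "methods": methods})
    return alerts

# Constructed flows; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    {"src": "10.0.5.23", "dst": "203.0.113.50", "payload":
     b'{"id":1,"method":"mining.subscribe","params":[]}\n'
     b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'},
    {"src": "10.0.5.40", "dst": "203.0.113.80", "payload": b"\x16\x03\x01\x02\x00"},
    {"src": "10.0.5.23", "dst": "10.0.9.9", "payload":
     b'{"id":4,"method":"mining.submit","params":[]}\n'},
    {"src": "192.168.1.7", "dst": "198.51.100.9", "payload":
     b'{"id":1,"method":"getStatus"}\n'},
]
ALERTS = find_mining_flows(SAMPLE_FLOWS)  # one alert: 10.0.5.23 -> 203.0.113.50
```

Stratum carried inside TLS will not match a plaintext check like this one, so pair it with the mining-pool destination and endpoint checks described above.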

Related MITRE ATT&CK Categories

Resource Hijacking, Technique T1496 - Enterprise