Use Case: Cryptomining

Vendor: AMD

Product MITRE ATT&CK® TTP Content
Pensando T1496 - Resource Hijacking
  • 1 Rules

Vendor: APC

Product MITRE ATT&CK® TTP Content
APC T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Security Access Hub T1496 - Resource Hijacking
  • 1 Rules

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Cloud Akamai T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS GuardDuty T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
AWS WAF T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Attivo

Product MITRE ATT&CK® TTP Content
BOTsink T1496 - Resource Hijacking
  • 1 Rules

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1496 - Resource Hijacking
  • 1 Rules

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1496 - Resource Hijacking
  • 1 Rules
BeyondTrust T1496 - Resource Hijacking
  • 1 Rules

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Identity Awareness T1496 - Resource Hijacking
  • 1 Rules
Check Point NGFW T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1496 - Resource Hijacking
  • 1 Rules
Cisco ACS T1496 - Resource Hijacking
  • 1 Rules
Cisco Adaptive Security Appliance T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Cisco Cloud Web Security T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Cisco Firepower T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Cisco IOS T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Cisco Meraki MX appliance T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Cisco Secure Web Appliance T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Cisco Umbrella T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Duo Access T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Gateway T1496 - Resource Hijacking
  • 1 Rules
Citrix Web App Firewall T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare WAF T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1496 - Resource Hijacking
  • 2 Rules

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
Cyberark Privilege Access Management T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Infrastructure Services T1496 - Resource Hijacking
  • 1 Rules

Vendor: Dell

Product MITRE ATT&CK® TTP Content
Sonicwall T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1496 - Resource Hijacking
  • 2 Rules

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules

Vendor: Extreme Networks

Product MITRE ATT&CK® TTP Content
ExtremeCloud IQ T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Advanced Firewall Manager T1496 - Resource Hijacking
  • 1 Rules
F5 Advanced Web Application Firewall T1496 - Resource Hijacking
  • 2 Rules
F5 BIG-IP T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
F5 BIG-IP DNS T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
F5 Local Traffic Manager T1496 - Resource Hijacking
  • 1 Rules

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint Next-Gen Firewall T1496 - Resource Hijacking
  • 1 Rules
Websense Security Gateway T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Forescout

Product MITRE ATT&CK® TTP Content
Forescout CounterACT T1496 - Resource Hijacking
  • 1 Rules

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Fortinet Enterprise Firewall T1496 - Resource Hijacking
  • 1 Rules
Fortinet UTM T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Fortiweb Web Application Firewall T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Gigamon

Product MITRE ATT&CK® TTP Content
GigaVUE-HC2 T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Google

Product MITRE ATT&CK® TTP Content
Google Workspace T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: HP

Product MITRE ATT&CK® TTP Content
HP iLO T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
HPE Comware T1496 - Resource Hijacking
  • 1 Rules

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1496 - Resource Hijacking
  • 1 Rules

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Enterprise Network Firewall T1496 - Resource Hijacking
  • 1 Rules
Huawei Unified Security Gateway T1496 - Resource Hijacking
  • 1 Rules

Vendor: IBM

Product MITRE ATT&CK® TTP Content
HCL Notes T1496 - Resource Hijacking
  • 1 Rules
IBM Mainframe T1496 - Resource Hijacking
  • 1 Rules

Vendor: IPTables

Product MITRE ATT&CK® TTP Content
IPTables FW T1496 - Resource Hijacking
  • 1 Rules

Vendor: Illumio

Product MITRE ATT&CK® TTP Content
Illumio Core T1496 - Resource Hijacking
  • 1 Rules

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva Incapsula T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Pulse Secure T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1496 - Resource Hijacking
  • 1 Rules
Junos OS T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee Web Gateway T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Active Directory Federation Services T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Azure Monitor T1496 - Resource Hijacking
  • 1 Rules
Azure Monitor - VM Insights T1496 - Resource Hijacking
  • 1 Rules
Event Viewer - ADFS T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Event Viewer - DNSServer T1496 - Resource Hijacking
  • 1 Rules
Event Viewer - PowerShell T1496 - Resource Hijacking
  • 1 Rules
Event Viewer - Security T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Event Viewer - System T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Microsoft 365 T1496 - Resource Hijacking
  • 1 Rules
Microsoft Defender for Endpoint T1496 - Resource Hijacking
  • 2 Rules
Microsoft Exchange T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Microsoft IIS T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Network Security Group Flow Logs T1496 - Resource Hijacking
  • 1 Rules
Sysmon T1496 - Resource Hijacking
  • 1 Rules
Windows T1496 - Resource Hijacking
  • 2 Rules

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Targeted Threat Protection - URL T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
GlobalProtect T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Palo Alto NGFW T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1496 - Resource Hijacking
  • 1 Rules

Vendor: QUSH

Product MITRE ATT&CK® TTP Content
Reveal T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1496 - Resource Hijacking
  • 1 Rules
Sophos UTM T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Sophos XG Firewall T1496 - Resource Hijacking
  • 1 Rules

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1496 - Resource Hijacking
  • 1 Rules
Symantec Endpoint Protection T1496 - Resource Hijacking
  • 1 Rules
Symantec Web Security Service T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Core Platform T1496 - Resource Hijacking
  • 1 Rules
Tanium Integrity Monitor T1496 - Resource Hijacking
  • 2 Rules

Vendor: ThreatBlockr

Product MITRE ATT&CK® TTP Content
ThreatBlockr T1496 - Resource Hijacking
  • 1 Rules

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Deep Security T1496 - Resource Hijacking
  • 1 Rules
OfficeScan T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1496 - Resource Hijacking
  • 1 Rules
Unix T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
Unix Auditd T1496 - Resource Hijacking
  • 1 Rules

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1496 - Resource Hijacking
  • 1 Rules
Carbon Black CES T1496 - Resource Hijacking
  • 2 Rules
Carbon Black EDR T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 4 Rules
NSX Distributed Firewall T1496 - Resource Hijacking
  • 1 Rules
VMware NSX T1496 - Resource Hijacking
  • 1 Rules

Vendor: Varonis

Product MITRE ATT&CK® TTP Content
Varonis Data Security Platform T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Stream T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules

Vendor:

Vendor: pfSense

Product MITRE ATT&CK® TTP Content
pfSense T1496 - Resource Hijacking
  • 1 Rules