Malicious activity

AWS GuardDuty detects suspicious traffic from an instance with malware

Risk Level

Imminent Compromised (2)

Platform(s)
Compliance Frameworks

Description

AWS GuardDuty found suspicious traffic on EC2 instance {AwsEc2Instance} ({AwsEc2Instance.InstanceId}), on which Orca detected malware. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detected one of the following types of suspicious network activity: CryptoCurrency:EC2/BitcoinTool.B!DNS, CryptoCurrency:EC2/BitcoinTool.B, Backdoor:EC2/C&CActivity.B!DNS, Backdoor:EC2/C&CActivity.B, Trojan:EC2/DGADomainRequest.B, Trojan:EC2/DGADomainRequest.C!DNS.
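The correlation this alert describes can be reproduced for triage. The following is an added example, not Orca's or AWS's implementation: it keeps only findings of the types listed above and joins them with instances already flagged for malware. The sample findings and the `MALWARE_INSTANCES` set are constructed, and the findings are trimmed to the `Type` and `Resource` fields of GuardDuty's finding JSON.

```python
# Finding types listed in the alert description above.
WATCHED_TYPES = {
    "CryptoCurrency:EC2/BitcoinTool.B!DNS",
    "CryptoCurrency:EC2/BitcoinTool.B",
    "Backdoor:EC2/C&CActivity.B!DNS",
    "Backdoor:EC2/C&CActivity.B",
    "Trojan:EC2/DGADomainRequest.B",
    "Trojan:EC2/DGADomainRequest.C!DNS",
}

def _finding(ftype, resource_type, iid=None):
    """Build a constructed finding with only the fields this example reads."""
    resource = {"ResourceType": resource_type}
    if iid:
        resource["InstanceDetails"] = {"InstanceId": iid}
    return {"Type": ftype, "Resource": resource}

# Constructed sample input (instance IDs are made up).
SAMPLE_FINDINGS = [
    _finding("Backdoor:EC2/C&CActivity.B!DNS", "Instance", "i-0aaa1111bbbb2222c"),
    _finding("CryptoCurrency:EC2/BitcoinTool.B", "Instance", "i-0ddd3333eeee4444f"),
    _finding("Recon:EC2/PortProbeUnprotectedPort", "Instance", "i-0aaa1111bbbb2222c"),
    _finding("Trojan:EC2/DGADomainRequest.B", "Instance", "i-0aaa1111bbbb2222c"),
    _finding("UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B", "AccessKey"),
]

# Constructed: instance IDs a malware scan has flagged (hypothetical input).
MALWARE_INSTANCES = {"i-0aaa1111bbbb2222c"}

def instance_id(finding):
    """Return the EC2 instance ID of a finding, or None for other resources."""
    resource = finding.get("Resource") or {}
    if resource.get("ResourceType") != "Instance":
        return None
    return (resource.get("InstanceDetails") or {}).get("InstanceId")

def correlate(findings, malware_instances):
    """Map each malware-flagged instance to the watched finding types seen on it."""
    hits = {}
    for finding in findings:
        iid = instance_id(finding)
        if finding.get("Type") in WATCHED_TYPES and iid in malware_instances:
            hits.setdefault(iid, set()).add(finding["Type"])
    return {iid: sorted(types) for iid, types in hits.items()}

if __name__ == "__main__":
    for iid, types in correlate(SAMPLE_FINDINGS, MALWARE_INSTANCES).items():
        print(iid, types)
```

An instance with a watched finding type but no malware detection, or with malware but only unrelated finding types, does not appear in the result.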