Rules by Product and UseCase

April 15, 2026 · View on GitHub

Vendor: Unix

Product: Auditbeat

Use-Case: Cryptomining

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
10110
Event TypeRulesModels
process-createdT1496 - Resource Hijacking
↳ A-EPA-Shadow-Mining-name: Process ending with 'miner.exe' has been run on this asset

Contents

  1. 1Vendor: Unix
  2. 1.1Product: Auditbeat
  3. 1.2Use-Case: Cryptomining