Why did I receive an Amazon GuardDuty CryptoCurrency:EC2/BitcoinTool.B!DNS finding type for my Amazon EC2 instance?
Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
The GuardDuty CryptoCurrency:EC2/BitcoinTool.B!DNS finding type indicates that an Amazon EC2 instance in your AWS environment is querying a domain name that is associated with cryptocurrency-related activity, such as Bitcoin mining. If you don't expect this behavior, it might be the result of unauthorized activity on your AWS account.
Resolution
If you use your EC2 instance for cryptocurrency or blockchain activity, this finding type might be expected activity for your environment. In that case, it's a best practice to set up a suppression rule for this finding type. For more information and instructions, see CryptoCurrency:EC2/BitcoinTool.B!DNS.
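The following added example (not part of the original article or AWS's own code) builds a suppression rule that is scoped to this finding type and to named instances only, and dry-runs it against constructed findings before it is created with the boto3 `create_filter` call. The instance IDs, the rule name, and the local matcher, which only approximates how GuardDuty evaluates criteria, are assumptions.

```python
FINDING_TYPE = "CryptoCurrency:EC2/BitcoinTool.B!DNS"  # finding type from this page

def build_criteria(instance_ids):
    """Scope suppression to the finding type AND the listed instances only."""
    if not instance_ids:
        raise ValueError("refusing to suppress this finding type for every instance")
    return {"Criterion": {
        "type": {"Equals": [FINDING_TYPE]},
        "resource.instanceDetails.instanceId": {"Equals": sorted(instance_ids)},
    }}

def _lookup(finding, attribute):
    # Filter attributes are lowerCamel ("resource.instanceDetails.instanceId");
    # finding JSON from the API uses UpperCamel keys, so capitalize each segment.
    node = finding
    for part in attribute.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part[0].upper() + part[1:])
    return node

def would_suppress(finding, criteria):
    """Local approximation (assumption): every criterion must match (AND)."""
    return all(_lookup(finding, attr) in cond["Equals"]
               for attr, cond in criteria["Criterion"].items())

def create_suppression_rule(detector_id, instance_ids, name="expected-bitcointool-dns"):
    import boto3  # imported here so the dry-run helpers work without the SDK
    # Action="ARCHIVE" is what makes a GuardDuty filter a suppression rule.
    return boto3.client("guardduty").create_filter(
        DetectorId=detector_id, Name=name, Action="ARCHIVE",
        Description="Expected blockchain workload; scoped to named instances",
        FindingCriteria=build_criteria(instance_ids))

def sample_finding(instance_id, finding_type=FINDING_TYPE):
    # Constructed finding, trimmed to the fields the criteria inspect.
    return {"Type": finding_type,
            "Resource": {"InstanceDetails": {"InstanceId": instance_id}}}

if __name__ == "__main__":
    criteria = build_criteria(["i-0123456789abcdef0"])  # constructed instance ID
    for iid in ("i-0123456789abcdef0", "i-0fedcba9876543210"):
        print(iid, "suppressed" if would_suppress(sample_finding(iid), criteria)
              else "still reported")
```

Scoping the rule to instance IDs keeps the same finding visible for every other instance, where it can still indicate unauthorized activity.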