Trojan:EC2/PhishingDomainRequest!DNS
| Trojan Detected | {"version": "0", "id": "xxxxx-xx",
"detail-type": "GuardDuty Finding", "source": "aws.guardduty", "account":"1234567890",
"time": "2018-02-28T20:25:00Z", "region":"us-west-2", "resources":
[] , "detail": {"schemaVersion":"2.0", "accountId" : "1234567890",
"region": "us-west-2","partition" : "aws", "id": "xxxxxxxx", "arn":
"arn:aws:guardduty:us-west-2:1234567890:detector/XXXXXXX/finding/xxxxxxx",
"type": "Trojan:EC2/PhishingDomainRequest!DNS","resource": {"resourceType"
: "Instance", "instanceDetails":{"instanceId" : "i-99999999", "instanceType":
"m3.xlarge", "launchTime": "2016-08-02T02:05:06Z", "productCodes":
[{"productCodeId": "GeneratedFindingProductCodeId", "productCodeType":
"GeneratedFindingProductCodeType"}],"iamInstanceProfile" : {"arn":
"GeneratedFindingInstanceProfileArn" , "id": "GeneratedFindingInstanceProfileId"},
"networkInterfaces": [{"ipv6Addresses": [], "privateDnsName": "GeneratedFindingPrivateDnsName",
"privateIpAddress":"127.0.0.1", "privateIpAddresses": [{"privateDnsName":
"GeneratedFindingPrivateName", "privateIpAddress":"127.0.0.1"}],
"subnetId": "GeneratedFindingSubnetId", "vpcId": "GeneratedFindingVPCId",
"securityGroups": [{"groupName": "GeneratedFindingSecurityGroupName",
"groupId": "GeneratedFindingSecurityId"}], "publicDnsName":"GeneratedFindingPublicDNSName",
"publicIp": "127.0.0.1"}], "tags": [{"key": "GeneratedFindingInstaceTag1",
"value":"GeneratedFindingInstaceValue1"}, {"key":"ami-99999999",
"imageDescription": "GeneratedFindingInstaceImageDescription"}} ,
"service": {"serviceName": "guardduty", "detectorId": "xxxxxx","action":
{"actionType" : "DNS_REQUEST", "dnsRequestAction":{"domain": "GeneratedFindingDomainName",
"protocol" : "UDP", "blocked": true}}, "resourceRole" : "TARGET",
"additionalInfo": {"threatListName": "GeneratedFindingThreatListName",
"sample": true}, "eventFirstSeen": "2018-02-28T20:22:26.350Z", "eventLastSeen":
"2018-02-28T20:22:26.350Z", "archived": false, "count": 1.0}, "severity":
8.0, "createdAt": "2018-02-28T20:22:26.350Z", "updatedAt" : "2018-02-28T20:22:26.350Z",
"title": "Trojan:EC2/PhishingDomainRequest!DNS", "description": "Trojan:EC2/PhishingDomainRequest!DNS"}}
|