Rule History

SID: 2022886 • Source: et/open

Versions (2)

Version Details (Current)

Rev: 4 • Jun 9, 2016, 12:00 PM

ET COINMINER Crypto Coin Miner Login

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET COINMINER Crypto Coin Miner Login"; flow:to_server,established; content:"|7b 22|method|22 3a|"; depth:10; fast_pattern; content:"|22|login|22 2c|"; within:9; content:"|22|params|22 3a|"; within:10; content:"|7b 22|login"; nocase; within:8; content:"agent|22 3a|"; nocase; distance:0; reference:md5,d1082e445f932938366a449631b82946; reference:md5,33d7a82fe13c9737a103bcc4a21f9425; reference:md5,ebe1aeb5dd692b222f8cf964e7785a55; classtype:coin-mining; sid:2022886; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2016_06_09, deployment Perimeter, malware_family CoinMiner, performance_impact Low, signature_severity Informational, tag Bitcoin_Miner, updated_at 2020_08_19;)

Jun 9, 2016, 12:00 PM

Aug 19, 2020, 12:00 PM

Jun 9, 2016, 12:00 PM

May 31, 2024, 9:00 PM

rules/emerging-coinminer.rules