Rule History

SID: 2024720 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 4 • Sep 18, 2017, 12:00 PM

Message:

ET DELETED Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining

Rule:

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining"; flow:established,from_server; content:"|55 04 0a|"; content:"|0d|Let|27|s Encrypt"; distance:1; within:14; fast_pattern; content:"|55 04 03|"; distance:0; content:"coin-hive"; within:50; nocase; pcre:!"/#http:\/\/cert.*coinhive/i"; reference:url,coin-hive.com; classtype:policy-violation; sid:2024720; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2017_09_18, deployment Perimeter, signature_severity Minor, updated_at 2020_08_20;)

Created:

Sep 18, 2017, 12:00 PM

Updated:

Aug 20, 2020, 12:00 PM

DB Created:

Sep 18, 2017, 12:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-deleted.rules