ET COINMINER W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013 - Suricata Rule 2017874 (et/open)

ET COINMINER W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013

SID: 2017874Rev: 20 viewsHistory

Sourceet/open

CreatedDecember 17, 2013

UpdatedJuly 26, 2019

Classificationcoin-mining

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET COINMINER W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013"; flow:established,to_server; content:"/blam/flashplayerv"; nocase; http_uri; reference:url,blog.malwarebytes.org/fraud-scam/2013/12/fake-flash-player-wants-to-go-mining/; reference:url,esearch.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html; classtype:coin-mining; sid:2017874; rev:2; metadata:attack_target Client_Endpoint, created_at 2013_12_17, deployment Perimeter, confidence High, signature_severity Major, tag Coinminer, updated_at 2019_07_26, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1496, mitre_technique_name Resource_Hijacking;)

References

url	blog.malwarebytes.org/fraud-scam/2013/12/fake-flash-player-wants-to-go-mining/
url	esearch.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html

Metadata

attack targetClient_Endpoint

created at2013_12_17

deploymentPerimeter

confidenceHigh

signature severityMajor

tagCoinminer

updated at2019_07_26

mitre tactic idTA0040

mitre tactic nameImpact

mitre technique idT1496

mitre technique nameResource_Hijacking

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!