ET COINMINER CoinMiner Malicious Authline Seen in JAR Backdoor

SID: 2022349Rev: 10 views
History
Sourceet/open
CreatedJanuary 12, 2016
UpdatedJuly 26, 2019
Classificationcoin-mining
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET COINMINER CoinMiner Malicious Authline Seen in JAR Backdoor"; flow:established,to_server; content:"{|22|id|22 3A|"; depth:6; content:"|22|method|22 3a 20 22|mining.authorize|22 2c|"; within:100; content:"|22|params|22|"; within:50; content:"|5b 22|CGX2U2oeocN3DTJhyPG2cPg7xpRRTzNZkz|22 2c 20 22|"; distance:0; reference:url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:coin-mining; sid:2022349; rev:1; metadata:attack_target Client_Endpoint, created_at 2016_01_12, deployment Perimeter, confidence High, signature_severity Major, tag Coinminer, updated_at 2019_07_26, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1496, mitre_technique_name Resource_Hijacking;)

References

urlresearch.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
urlblog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html

Metadata

attack targetClient_Endpoint
created at2016_01_12
deploymentPerimeter
confidenceHigh
signature severityMajor
tagCoinminer
updated at2019_07_26
mitre tactic idTA0040
mitre tactic nameImpact
mitre technique idT1496
mitre technique nameResource_Hijacking

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!