ET DELETED Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining

SID: 2024720
Rev: 4
Source: et/open
Created: September 18, 2017
Updated: August 20, 2020
Classification: policy-violation
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining"; flow:established,from_server; content:"|55 04 0a|"; content:"|0d|Let|27|s Encrypt"; distance:1; within:14; fast_pattern; content:"|55 04 03|"; distance:0; content:"coin-hive"; within:50; nocase; pcre:!"/#http:\/\/cert.*coinhive/i"; reference:url,coin-hive.com; classtype:policy-violation; sid:2024720; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2017_09_18, deployment Perimeter, signature_severity Minor, updated_at 2020_08_20;)

References

Metadata

affected product: Web_Browsers
attack target: Client_Endpoint
created at: 2017_09_18
deployment: Perimeter
signature severity: Minor
updated at: 2020_08_20
