ET COINMINER CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit

SID: 2025186Rev: 110 viewsHistory

Sourceet/open

CreatedJanuary 4, 2018

UpdatedJuly 26, 2019

Classificationcoin-mining

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET COINMINER CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit"; flow:established,to_server; content:"{|22|id|22 3A|"; depth:6; content:"|22|method|22 3a 20 22|mining.authorize|22 2c|"; within:100; content:"|22|params|22|"; within:50; content:"|5b 22|4AQe5sAFWZKECiaeNTt59LG7kVtqRoSRJMjrmQ6GiMFAeUvoL3MFeTE6zwwHkFPrAyNw2JHDxUSWL82RiZThPpk4SEg7Vqe|22 2c 20 22|"; distance:0; reference:url,otx.alienvault.com/pulse/5a4e1c4993199b299f90a212; classtype:coin-mining; sid:2025186; rev:1; metadata:attack_target Client_Endpoint, created_at 2018_01_04, cve CVE_2017_10271, deployment Perimeter, deployment Datacenter, malware_family CoinMiner, confidence High, signature_severity Major, tag Coinminer, tag CISA_KEV, updated_at 2019_07_26, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1496, mitre_technique_name Resource_Hijacking;)

References

url	otx.alienvault.com/pulse/5a4e1c4993199b299f90a212

Metadata

attack targetClient_Endpoint

created at2018_01_04

cveCVE-2017-10271

deploymentDatacenter

malware familyCoinMiner

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2019_07_26

mitre tactic idTA0040

mitre tactic nameImpact

mitre technique idT1496

mitre technique nameResource_Hijacking

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!