ET MALWARE MSIL/CoinMiner Performing System Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 28, 2020
UpdatedAugust 28, 2020
Classificationcoin-mining
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MSIL/CoinMiner Performing System Checkin"; flow:established,to_server ; http.uri; content:"/ReportSpeed"; endswith; fast_pattern; http.request_body; content:"|2c 22|GpuDriver|22 3a 22|"; content:"|2c 22|OSName|22 3a 22|"; content:"|2c 22|DiskSpace|22 3a 22|"; reference:md5,0bdfccd5aab30f98e212abde79d923ef ; classtype:coin-mining; sid:2030812; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_08_28, deployment Perimeter, malware_family MSIL_CoinMiner, confidence High, signature_severity Major, tag Coinminer, updated_at 2020_08_28, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1496, mitre_technique_name Resource_Hijacking;)
References
| md5 | 0bdfccd5aab30f98e212abde79d923ef |
Metadata
affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2020_08_28
deploymentPerimeter
malware familyMSIL_CoinMiner
confidenceHigh
signature severityMajor
tagCoinminer
updated at2020_08_28
mitre tactic idTA0040
mitre tactic nameImpact
mitre technique idT1496
mitre technique nameResource_Hijacking
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!