2025435 < Main < EmergingThreats

EmergingThreats>

Main Web>2025435 (2020-11-05, TWikiGuest)

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner?, signature_severity Major, updated_at 2020_11_05;)

Added 2020-11-05 18:35:58 UTC

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner?, signature_severity Major, updated_at 2020_03_04;)

Added 2020-08-05 19:14:33 UTC

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2020_03_04;)

Added 2020-03-04 19:16:55 UTC

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2018_03_19;)

Added 2018-09-13 19:54:36 UTC

Added 2018-09-13 18:02:05 UTC

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2018_03_19;)

Added 2018-03-19 17:12:30 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r1 - 2020-11-05 - TWikiGuest

Main

Log In

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats