alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner?, signature_severity Major, updated_at 2020_11_05;)

Added 2020-11-05 18:35:58 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner?, signature_severity Major, updated_at 2020_03_04;)

Added 2020-08-05 19:14:33 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2020_03_04;)

Added 2020-03-04 19:16:55 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2018_03_19;)

Added 2018-09-13 19:54:36 UTC


Added 2018-09-13 18:02:05 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner?, updated_at 2018_03_19;)

Added 2018-03-19 17:12:30 UTC


Topic revision: r1 - 2020-11-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats