2025435 < Main < EmergingThreats

Main Web>2025435 (2020-11-05, TWikiGuest) (raw view)
 <h2>
 

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner, signature_severity Major, updated_at 2020_11_05;)

</h2>

Added 2020-11-05 18:35:58 UTC


 %COMMENT{type="threadmode" default="Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps." button="Add to Documentation" }%
 
 <hr>
 


 <h2>
 

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, created_at 2018_03_19, deployment Datacenter, former_category EXPLOIT, malware_family CoinMiner, signature_severity Major, updated_at 2020_03_04;)

</h2>

Added 2020-08-05 19:14:33 UTC


 
 <hr>
 


 <h2>
 

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; http_uri; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner, updated_at 2020_03_04;)

</h2>

Added 2020-03-04 19:16:55 UTC


 
 <hr>
 


 <h2>
 

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner, updated_at 2018_03_19;)

</h2>

Added 2018-09-13 19:54:36 UTC


 
 <hr>
 


 <h2>
 


</h2>

Added 2018-09-13 18:02:05 UTC


 
 <hr>
 


 <h2>
 

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_users/"; content:"_admin"; http_client_body; fast_pattern; metadata: former_category EXPLOIT; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_03_19, malware_family CoinMiner, updated_at 2018_03_19;)

</h2>

Added 2018-03-19 17:12:30 UTC


 
 <hr>
Topic revision: r1 - 2020-11-05 - TWikiGuest
Main
User Reference
ATasteOfTWiki
TextFormattingRules
Signature Reference
WebRss Feed
EmergingFAQ