Coinhive Cryptocurrency Miner Obfuscated Detected Cisco

Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2018-03-01

This SRU number: 2018-02-28-001
Previous SRU number: 2018-02-26-001

Applies to:

  • 3D Sensor versions: 5.x / 6.x
  • Cisco FireSIGHT Management Center (formerly Defense Center) versions: 5.x / 6.x

This SEU number: 1805
Previous SEU: 1804

Applies to:

  • 3D Sensor Versions: 4.10
  • Cisco FireSIGHT Management Center (formerly Defense Center) versions: 4.10

This is the complete list of rules added in SRU 2018-02-28-001 and SEU 1805.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec.)

1 - 45774 - SERVER-WEBAPP - HP IMC operatorGroupSelectContent Java expression language injection attempt - off / off / drop
1 - 45775 - SERVER-WEBAPP - HP IMC operatorGroupSelectContent Java expression language injection attempt - off / off / drop
1 - 45776 - FILE-OTHER - Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt - off / off / off
1 - 45777 - FILE-OTHER - Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt - off / off / off
1 - 45778 - SERVER-OTHER - Jackson databind deserialization remote code execution attempt - off / drop / drop
1 - 45779 - SERVER-OTHER - Jackson databind deserialization remote code execution attempt - off / drop / drop
1 - 45782 - FILE-OTHER - EMF EmrText object out of bounds read attempt - off / drop / drop
1 - 45783 - FILE-OTHER - EMF EmrText object out of bounds read attempt - off / drop / drop
1 - 45784 - FILE-PDF - Adobe Reader annotation object out of bounds read attempt - off / off / off
1 - 45785 - FILE-PDF - Adobe Reader annotation object out of bounds read attempt - off / off / off
1 - 45786 - FILE-OTHER - Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt - off / drop / drop
1 - 45787 - FILE-OTHER - Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt - off / drop / drop
1 - 45788 - FILE-IMAGE - Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt - off / drop / drop
1 - 45789 - FILE-IMAGE - Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt - off / drop / drop
1 - 45790 - SERVER-WEBAPP - Jenkins Java SignedObject deserialization command execution attempt - off / drop / drop
1 - 45791 - FILE-IMAGE - Adobe Acrobat TIFF malformed YCbCrCoefficients values attempt - off / drop / drop
1 - 45792 - FILE-IMAGE - Adobe Acrobat TIFF malformed YCbCrCoefficients values attempt - off / drop / drop
1 - 45793 - FILE-OTHER - Adobe Acrobat Pro nested IFD out of bounds read attempt - off / drop / drop
1 - 45794 - FILE-OTHER - Adobe Acrobat Pro nested IFD out of bounds read attempt - off / drop / drop
1 - 45795 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45796 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45797 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45798 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45799 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45800 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45801 - SERVER-OTHER - Java Library CommonsCollection unauthorized serialized object attempt - off / off / off
1 - 45804 - SERVER-OTHER - Disk Savvy Enterprise buffer overflow attempt - off / off / drop
1 - 45805 - SERVER-WEBAPP - HP IMC guiDataDetail Java expression language injection attempt - off / off / drop
1 - 45806 - SERVER-WEBAPP - HP IMC guiDataDetail Java expression language injection attempt - off / off / drop
1 - 45814 - FILE-IMAGE - Adobe Acrobat Pro malformed JPEG tag data buffer overflow attempt - off / off / drop
1 - 45815 - FILE-IMAGE - Adobe Acrobat Pro malformed JPEG tag data buffer overflow attempt - off / off / drop
1 - 45780 - FILE-OTHER - Adobe Acrobat Pro XPS out of bounds read attempt - off / off / off
1 - 45781 - FILE-OTHER - Adobe Acrobat Pro XPS out of bounds read attempt - off / off / off
1 - 45802 - FILE-OTHER - Adobe Acrobat Pro out of bounds read attempt - off / off / off
1 - 45803 - FILE-OTHER - Adobe Acrobat Pro out of bounds read attempt - off / off / off
1 - 45807 - OS-WINDOWS - Microsoft Windows GetThreadContext kernel memory leak attempt - off / off / drop
1 - 45808 - OS-WINDOWS - Microsoft Windows GetThreadContext kernel memory leak attempt - off / off / drop
3 - 45813 - SERVER-WEBAPP - Cisco Unified Communications Manager information disclosure attempt - off / off / off
1 - 45809 - INDICATOR-OBFUSCATION - Coinhive cryptocurrency miner obfuscated detected - off / off / drop
1 - 45810 - INDICATOR-OBFUSCATION - Coinhive cryptocurrency miner obfuscated detected - off / drop / drop
1 - 45811 - FILE-OTHER - EMF embedded image out of bound read attempt - off / drop / drop
1 - 45812 - FILE-OTHER - EMF embedded image out of bound read attempt - off / drop / drop

Updated Rules:

Updated rules can be found at this link.