PUA-OTHER -- Snort has detected a Potentially Unwanted Application (PUA). This Is a program which installs adware or toolbars, collects information, runs unwanted processes that consume computing resources, or has otherwise unclear objectives. These are usually additional programs bundled with legitimate programs. Some users consider the benefit of the main application to outweigh the risks of the PUA; you are paying for a free product by contributing with advertising or data. These alerts are often assigned a lower risk, as they are not directly malicious or as fast-spreading as worms or trojans. This alert concerns traffic typical of PUAs that are not common enough to warrant their own category. This is commonly associated with cryptocurrency mining activity.
PUA-OTHER Cryptocurrency Miner outbound connection attempt
This rule looks for an attempt to join a mining pool by verifying the options specified in the TCP stratum protocol data. You can verify this by looking for a login that contains the User ID, password, and agent associated with the miner.
This event is generated when a cryptocurrency miner attempts an outbound connection to join a mining pool.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Impact
Technique: Resource Hijacking
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
