Monero Miner installed via Jenkins RCE exploit

IOC Table
total 12
type value
CVE CVE-2018-1000861

Sagawa 20/Jan/2019

Rtf malware on Metadefender.com

Mailsend malware on Metadefender.com

Exp malware on Metadefender.com

Neu malware on Metadefender.com

Zatoxp malware on Metadefender.com

Adload malware on Metadefender.com

0ad73352 malware on Metadefender.com

Nba malware on Metadefender.com

Neshta malware on Metadefender.com

Peed malware on Metadefender.com

A0gi2lgi malware on Metadefender.com

Coinhive malware on Metadefender.com

Servstart malware on Metadefender.com

Faceliker malware on Metadefender.com

Arduk malware on Metadefender.com

Flystudio malware on Metadefender.com
