Xulu: Cryptojacking Leveraging Shodan, Tor, and Malicious Docker Container

Malicious Docker Images that Mine Monero

/toolbin/darwin -o us-east.cryptonight-hub.miningpoolhub.com:20580 -u xulu.autodeploy -p x --currency monero -i 0 -c conf.txt -r

Scale of Attack and Security Recommendations

  • Services meant for internal use (e.g. Docker) should not be exposed to the Internet. Use an adequate ACL or another authentication technique so that only trusted users can reach them.
  • Since hidden services have been used by many botnets, users who rarely need them can drop packets to and from them. On Linux, for example, you can run: echo -e "\n0.0.0.0 .onion" >> /etc/hosts This command sinkholes (redirects) any traffic to and from hidden services.
  • Cloud firewalls are useful in preventing attacks. We recommend Alibaba Cloud Firewall because it is able to detect, block and analyze threats, protecting you from intrusion and malicious mining with AI technologies on your side.
  • Alibaba Cloud Managed Security Service lets users call on the expertise of Alibaba’s security specialists, who will help you clean up malware, improve configurations, and enhance overall security. If you are concerned about your organization’s security, you should give it a try.

IOC

http://wg6kw72fqds5n2q2x6qjejenrskg6i3dywe7xrcselhbeiikoxfrmnqd.onion
http://wg6kw72fqds5n2q2x6qjejenrskg6i3dywe7xrcselhbeiikoxfrmnqd.onion/bnet1.txt
http://wg6kw72fqds5n2q2x6qjejenrskg6i3dywe7xrcselhbeiikoxfrmnqd.onion/shodan.txt
us-east.cryptonight-hub.miningpoolhub.com:20580
c29dfe75862b6aed91bec4ffc7b20b9c
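As an added example (not code from the original post), the following Python check parses container command lines for the miner invocation and the pool IOC listed above, so a defender can sweep a host's running containers for the same profile. The container names and the `docker ps`-style sample list are constructed for the example.

```python
import shlex

# Miner invocation and network IOCs quoted in this post
XULU_CMDLINE = ("/toolbin/darwin -o us-east.cryptonight-hub.miningpoolhub.com:20580 "
                "-u xulu.autodeploy -p x --currency monero -i 0 -c conf.txt -r")
XULU_IOCS = {
    "wg6kw72fqds5n2q2x6qjejenrskg6i3dywe7xrcselhbeiikoxfrmnqd.onion",
    "us-east.cryptonight-hub.miningpoolhub.com:20580",
}
# Keywords that distinguish a mining pool target from an ordinary "-o output" flag
POOL_KEYWORDS = ("miningpoolhub", "cryptonight", "monero", "xmr", "stratum")

def parse_miner_cmdline(cmdline):
    """Return extracted indicators if the command line looks like a miner, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    found = {"pool": None, "user": None, "currency": None}
    for i, tok in enumerate(argv[:-1]):   # every flag here takes a following value
        nxt = argv[i + 1]
        if tok in ("-o", "--url"):
            found["pool"] = nxt
        elif tok in ("-u", "--user"):
            found["user"] = nxt
        elif tok == "--currency":
            found["currency"] = nxt
    lowered = cmdline.lower()
    found["ioc_hits"] = sorted(ioc for ioc in XULU_IOCS if ioc in lowered)
    # Flag on a known IOC, an explicit --currency, or a pool target carrying mining keywords
    pool_looks_like_mining = bool(found["pool"]) and any(
        k in found["pool"].lower() for k in POOL_KEYWORDS)
    if found["ioc_hits"] or found["currency"] or pool_looks_like_mining:
        return found
    return None

# Constructed sample resembling `docker ps --no-trunc` output: (container name, command)
SAMPLE_CONTAINERS = [
    ("web", "nginx -g 'daemon off;'"),
    ("build", "gcc -o app main.c"),       # benign "-o": must not be flagged
    ("xulu_autodeploy", XULU_CMDLINE),
]

def scan_containers(containers):
    """Return names of containers whose command line matches the miner profile."""
    return [name for name, cmd in containers if parse_miner_cmdline(cmd)]

if __name__ == "__main__":
    for name in scan_containers(SAMPLE_CONTAINERS):
        print("cryptomining container:", name)
```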
