A Cryptominer downloaded during runtime
August 22, 2020

A malicious binary is downloaded from a remote source at runtime inside a container started from the vanilla alpine:latest image; the image itself is clean, so an image scan before deployment would not catch it. Once executed, the binary (xmrig, a cryptocurrency miner) hijacks the host's CPU to mine cryptocurrency.

Type        IOC (MD5 hash / defanged IP)      Details
File        84bd6a9d43ed59e457f8af9b9ef358b0  Path: /main.sh
File        04c1b4a71d6bd7f18cfbc062f322ed16  Path: /opt/server/xmrig
IP address  185[.]10[.]68[.]147               Attacker's C2 server
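The IOCs above can be checked on a running host or against a container's mounted root filesystem. The following script is an added example, not code from the original report: it hashes every regular file under a root directory and flags either an exact MD5 match (known sample) or a file sitting at one of the report's paths with a different hash (a modified or repacked binary), and it parses a /proc/net/tcp dump for connections to the C2 address. The /proc/net/tcp excerpt, the temporary decoy tree built by build_demo_tree(), the remote port 3333 and the local addresses are all constructed for the demonstration; the C2 IP is used in its real dotted form rather than the defanged form shown in the table.

```python
"""Check a filesystem tree and a /proc/net/tcp dump for the IOCs in this report."""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# IOCs from the report. The hashes are 32 hex characters, i.e. MD5.
FILE_IOCS = {
    "/main.sh": "84bd6a9d43ed59e457f8af9b9ef358b0",
    "/opt/server/xmrig": "04c1b4a71d6bd7f18cfbc062f322ed16",
}
C2_IPS = {"185.10.68.147"}  # refanged from 185[.]10[.]68[.]147


def md5_file(path):
    """MD5 of a file, read in chunks so a large binary does not land in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root):
    """Walk `root` (e.g. "/" on the host or a container's merged rootfs) and return
    (path_inside_root, md5, verdict). "hash_match" means the content is the known
    sample; "path_match" means only the path matches and the file deserves a look."""
    root = Path(root)
    ioc_hashes = set(FILE_IOCS.values())
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            rel = "/" + p.relative_to(root).as_posix()
            digest = md5_file(p)
            if digest in ioc_hashes:
                hits.append((rel, digest, "hash_match"))
            elif rel in FILE_IOCS:
                hits.append((rel, digest, "path_match"))
    return hits


def hex_to_ipv4(hexaddr):
    """/proc/net/tcp prints IPv4 addresses as 8 hex digits in host byte order,
    which on x86 is little-endian, so the bytes are reversed here."""
    return ".".join(str(b) for b in reversed(bytes.fromhex(hexaddr)))


def parse_proc_net_tcp(text):
    """Yield (remote_ip, remote_port, state) for every socket line; state 01 is ESTABLISHED."""
    for line in text.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        rem_hex, port_hex = fields[2].split(":")
        yield hex_to_ipv4(rem_hex), int(port_hex, 16), fields[3]


def find_c2_connections(text):
    """Sockets whose remote address is one of the report's C2 IPs."""
    return [(ip, port, st) for ip, port, st in parse_proc_net_tcp(text) if ip in C2_IPS]


# Constructed /proc/net/tcp excerpt (not taken from the report): a listener on
# 127.0.0.1:3306 and an ESTABLISHED socket from 10.0.2.15 to the C2 IP on port 3333.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A1B2 93440AB9:0D05 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
"""


def build_demo_tree():
    """Constructed rootfs for the demo: a decoy at the xmrig path with unrelated
    content (so it is a path match, not a hash match) plus one harmless file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "opt", "server"))
    with open(os.path.join(root, "opt", "server", "xmrig"), "wb") as f:
        f.write(b"not the real sample")
    with open(os.path.join(root, "harmless.txt"), "wb") as f:
        f.write(b"hello")
    return root


if __name__ == "__main__":
    # Usage: python ioc_check.py [rootfs]; with no argument the constructed demo tree is scanned.
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for rel, digest, verdict in scan_tree(target):
        print(f"{verdict:10} {digest} {rel}")
    for ip, port, st in find_c2_connections(SAMPLE_PROC_NET_TCP):
        print(f"C2 socket: {ip}:{port} state={st}")
```

On a live host, point the script at / for the host view, or at the container's merged overlay directory (visible via docker inspect) to check a container without exec'ing into it; read the container's own /proc/net/tcp from its network namespace, since the host's table will not show sockets opened inside a separately namespaced container.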