A Docker Hub Image Used to Attack in the Wild
May 17, 2020

A malicious binary was detected in one of the layers of the container image cyberlion7777/ubuntu:xmrig. At runtime, the image is set to hijack the host’s resources. The image amassed 78 pulls.

| Type | IOC | Details |
|---|---|---|
| File | 175cbb923f220b8b6b06ea6bb0a6985d | Path: /xmrig/build/xmrig |
| Image | cyberlion7777/ubuntu:xmrig | https://hub.docker.com/r/cyberlion7777/ubuntu |
| IP address | 128[.]201[.]46[.]177 | Attacker’s IP address |
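
A defender's check for the file IOC above, as an added example (not code from the original advisory): it hashes every regular file in each layer of a `docker save` archive and reports matches against the listed MD5, including files that a later layer deletes. The function names and the two-layer sample image are constructed for illustration; the scanner assumes the archive carries the `manifest.json` with a `Layers` list that `docker save` writes.

```python
import hashlib, io, json, posixpath, tarfile

# IOC from this page: MD5 of the miner binary -> path it was found at.
IOC_MD5 = {"175cbb923f220b8b6b06ea6bb0a6985d": "/xmrig/build/xmrig"}

def scan_image_archive(archive, ioc_md5=IOC_MD5):
    """Hash every regular file in each layer of a `docker save` tarball.
    `archive` is a seekable binary file object; returns (repo_tags, layer,
    path, md5) for files whose MD5 is in ioc_md5. Layers are hashed one by
    one, so a file deleted by a later layer is still reported."""
    hits = []
    with tarfile.open(fileobj=archive, mode="r:*") as image:
        for entry in json.load(image.extractfile("manifest.json")):
            for layer_name in entry["Layers"]:
                blob = image.extractfile(layer_name)
                # "r:*" reads plain and gzip-compressed layer tars alike.
                with tarfile.open(fileobj=blob, mode="r:*") as layer:
                    for member in layer:
                        if not member.isfile():
                            continue  # directories, links, device nodes
                        md5 = hashlib.md5(usedforsecurity=False)
                        stream = layer.extractfile(member)
                        for chunk in iter(lambda: stream.read(1 << 20), b""):
                            md5.update(chunk)
                        if md5.hexdigest() in ioc_md5:
                            path = posixpath.normpath("/" + member.name.lstrip("/"))
                            hits.append((entry.get("RepoTags"), layer_name,
                                         path, md5.hexdigest()))
    return hits

def make_tar(files):
    """Build an in-memory tar from {name: bytes} (helper for the sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_archive(payload=b"constructed stand-in, not the real binary"):
    """Constructed two-layer image: layer 1 adds the file, layer 2 deletes it."""
    manifest = [{"RepoTags": ["example/sample:latest"],
                 "Layers": ["l1/layer.tar", "l2/layer.tar"]}]
    return io.BytesIO(make_tar({
        "manifest.json": json.dumps(manifest).encode(),
        "l1/layer.tar": make_tar({"xmrig/build/xmrig": payload, "etc/motd": b"hi\n"}),
        "l2/layer.tar": make_tar({"xmrig/build/.wh.xmrig": b""}),  # whiteout marker
    }))
```

To scan a real image, write it out with `docker save -o image.tar <image>` and pass `open("image.tar", "rb")` to `scan_image_archive`.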