Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

July 5, 2024, 4:21 p.m.

Description

This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that download and execute miner binaries while maintaining persistence through cron jobs and systemd utilities.

Date

Published: July 5, 2024, 3:26 p.m.

Created: July 5, 2024, 3:26 p.m.

Modified: July 5, 2024, 4:21 p.m.

Indicators

57fedfb431a717031f454d4fb2809d1f6d432a9edd900b07f0b9f9aca7fb3597

119cdc48db534c6093a24e78120c433480c5fb3f4a1a79270a78d9bf049fbe1c

07ca2a2e0d6ccfcef2cb010fe80a831c963755cc6179aaa95fe6e04d7d076c89

berrystore.me

Attack Patterns

T1053.003

T1053.006

T1071.001

T1222.002

T1057

T1105

T1496

T1083

T1140

T1190