
Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

July 5, 2024, 4:21 p.m.

Description

This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that download and execute miner binaries while maintaining persistence through cron jobs and systemd utilities.

Date

Published: July 5, 2024, 3:26 p.m.

Created: July 5, 2024, 3:26 p.m.

Modified: July 5, 2024, 4:21 p.m.

Indicators

57fedfb431a717031f454d4fb2809d1f6d432a9edd900b07f0b9f9aca7fb3597

119cdc48db534c6093a24e78120c433480c5fb3f4a1a79270a78d9bf049fbe1c

07ca2a2e0d6ccfcef2cb010fe80a831c963755cc6179aaa95fe6e04d7d076c89

berrystore.me

Attack Patterns

T1053.003

T1053.006

T1071.001

T1222.002

T1057

T1105

T1496

T1083

T1140

T1190