Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions – Sysdig
Common Information
Type Value
UUID 71557a50-fbbc-4f59-8d60-6bd62cdf6c50
Fingerprint ad84955989e62a69
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 25, 2022, midnight
Added to db Jan. 16, 2023, 3:52 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions
Title Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions – Sysdig
Detected Hints/Tags/Attributes 69/1/16
Attributes
Type | #Events | CTI Value
Domain | 5 | buddy.works
Domain | 27 | api.github.com
Domain | 3 | fly.io
Domain | 1 | stratum-na.rplant.xyz
File | 174 | index.js
File | 1206 | index.php
File | 1 | paid84744474.php
Github username | 11 | repos
IPv4 | 1 | 5.199.170.64
IPv4 | 1 | 212.90.120.130
IPv4 | 1 | 185.150.117.221
IPv4 | 1 | 188.214.130.21
IPv4 | 1 | 93.115.29.187
IPv4 | 1 | 92.242.62.20
Threat Actor Identifier - APT | 132 | APT32
Url | 3 | https://api.github.com/repos