Jenkins Miner: One of the Biggest Mining Operations Ever Discovered - Check Point Research
Tags
attack-pattern: Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID f59ac241-93a8-4d03-994a-6a2ae3568e6e
Fingerprint a5279d1065278cad
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2018, 7:44 p.m.
Added to db Feb. 18, 2023, 12:26 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Jenkins Miner: One of the Biggest Mining Operations Ever Discovered
Title Jenkins Miner: One of the Biggest Mining Operations Ever Discovered - Check Point Research
Detected Hints/Tags/Attributes 25/1/22
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2018/jenkins-miner-one-biggest-mining-operations-ever-discovered/
Details Source https://research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
Attributes
Details Type #Events CTI Value
Details CVE 11 
cve-2017-1000353
Details Domain 339 
system.net
Details Domain 1 
btc.poolbt.com
Details Domain 1 
shell.poolbt.com
Details Domain 1 
xmr.btgirl.com.cn
Details Domain 1 
btc.btgirl.com.cn
Details File 1209 
powershell.exe
Details File 2 
minerxmr.exe
Details File 1 
c:\\windows\\minerxmr.exe
Details sha256 1 
0bb4503cc52530ddadb102fa4010fb4d89af88aca846d4b16f601d0702134246
Details sha256 1 
06f8eda46fd6bdc11b8ec4d18a0f0afbf3d47f82cea8363d342975896582a715
Details sha256 1 
f0430130a2f3549b1aeff0a9fb2246f68f585a7c1d312c7be385a1cf5f37e70d
Details sha256 1 
c87d294cb0384cb56f4829d58cdd3f53572d3f95c2133a9b1da5f5bc1710f22f
Details sha256 1 
f750d6da918a5f2f2c442a339821ffebcad4b61e4ca1684bac0e7df98416a794
Details sha256 1 
3002551eebaf486d77a2b81d87db553ad8632bb132553e306395c5da589171fe
Details sha256 1 
213a23219ff89c412f92aa1fdf7152178a81514014ee1cc4ffee97e725ee63a3
Details sha256 1 
ff8c97cd55523cbdceef80407269d35bbf78abcbf807426c12d9debe1ce498d9
Details sha256 1 
2beaa23907c40cfcb705844f4f515ff81a788abe1aed2c8d23626d9d735968ae
Details sha256 1 
b22fa98c3ee99222c4e827a9745f206ccf7cd40530459a92f183e148b0df5ce9
Details IPv4 3 
222.184.79.11
Details IPv4 1 
183.136.202.244
Details Url 1 
http://222.184.79.11:5329/minerxmr.exe