216.73.217.22

Attackers deploying new tactics in campaign targeting exposed Docker APIs

· Published 20/06/2024 12:42 · Modified 20/06/2024 13:11

Export JSON

Essential information

Published
20/06/2024 12:42
Modified
20/06/2024 13:11
Tags
2024-06-20 chkstart compiler docker docker engine docker host execstartpost exeremo go code mnt directory spinning yarn tencent vurl xmrig miner yarn
Related entities
2 vulnerabilities (cve), 37 observables, 4 techniques (mitre)

Description

Datadog Security Researchers recently encountered a new campaign that targets API endpoints publicly exposed without authentication, with the objective of spreading cryptojacking malware. The observed TTPs bear resemblance to those seen in , another campaign discovered in March 2024. Based on analysis of the two campaigns and the infrastructure underpinning them, we have made a high-confidence assessment that these campaigns are linked.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (2)

CVE-2023-22515 KEV
9.8 Critical

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …

Attack vector
Network
Published
05/10/2023
Modified
21/12/2025
CVE-2022-26134 KEV

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published
02/06/2022
Modified
27/05/2026

Observables (37)

  • 194.36.190.118
  • 107.189.7.84
  • 206.189.204.54
  • 64.19.222.131
  • http://b.9-9-13.com/brysj/m/m.tar
  • http://b.9-9-11.com/brysj/m/m.tar
  • http://b.9-9-12.com/brysj/m/m.tar
  • http://b.9-9-11.com/brysj/d/s.sh
  • http://b.9-9-11.com/brysj/d/ar.sh
  • http://b.9-9-11.com/brysj/d/ai.sh
  • m.9-9-8.com
  • m.9-9-19.com
  • m.9-9-18.com
  • m.9-9-17.com
  • m.9-9-16.com
  • m.9-9-15.com
  • m.9-9-14.com
  • m.9-9-13.com
  • m.9-9-12.com
  • m.9-9-11.com
  • b.9-9-13.com
  • b.9-9-12.com
  • b.9-9-11.com
  • network-online.target
  • fdda14d3bc993960991ac6c95964514444e730f04b76d607df6e59087761648d
  • f53b8f70f6aeb478781e17ffd16a0fbbe5a5a08b4c4c0597091bc3407794ed1b
  • f3925aad20636a17be343ff473e6acb86345bc82c6611daa2154e24cd5e670e8
  • dcff5f9e748c915aeefce08991d924197aff7f2a0affda00bfb45cfa1919b641
  • b6ddd29b0f74c8cfbe429320e7f83427f8db67e829164b67b73ebbdcd75d162d
  • 852a577b227aa856399ae836d9db15eee38a4f62301a8590f80a009ec29dad8a
  • 7044f839aecd91bc5e4deac327d0b41fdae9a8238a9b64510ff336e49ed92e08
  • 51de345f677f46595fc3bd747bfb61bc9ff130adcbec48f3401f8057c8702af9
  • 32dfb086e6719c20666f151d17a3fbfcbccf559d0a8f1b2b888175f1a4d8f8a8
  • 2063e682e631fc28d77b50b32494edf2cf37bcc1e85c6d0302b34fa2e30aa52f
  • 12481d3fbcee0ed5aa8a9c8bc1aeb71bf9439cbddf68e8cd275c2a90b26ec0ad
  • 0d508268b3f6d3b5396d5d182e546e59311af1d4ebe03a7728e2fd2a212c008b
  • 048a1fe62bcd51cbf91128012dc1c15f25b17133d241c25d6717c3caf766c1ec

Techniques (MITRE) (4)

External references