ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash f38504f53f6a25c405cfa272572eb0ededbbb4b9399b8aec1706d5e2b990f1c9.

Database Entry


IOC ID: 1822572
IOC: f38504f53f6a25c405cfa272572eb0ededbbb4b9399b8aec1706d5e2b990f1c9
IOC Type: sha256_hash
Threat Type: payload
Malware: XMRIG
Confidence Level: Confidence level is high (80%)
Is compromised?: False
First seen: 2026-06-05 05:19:10 UTC
Last seen: never
UUID: 5c709f2b-605d-11f1-a345-42010aa4000a
Reporter: nullblue67
Reward: 5 credits from ThreatFox
Tags: cryptojacking docker-api elf miner moneroocean truncated x86_64 xmrig
Reference: https://twitter.com/NullBlue67

nullblue67
XMRig truncated capture (2.26MB of ~8.3MB) from Docker API exploit. Operator queries GitHub API MoneroOcean releases then fetches from 92.60.77.99:8888/xmrig-x86 2026-06-04 NullBlue67