JINX-0126

Also known as: JINX-0126

Profile

Wiz Threat Research identified a new variant of an ongoing malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers. In the observed attack, the threat actor (tracked by Wiz as JINX-0126) abuses exposed PostgreSQL instances, configured with weak and guessable login credentials, to gain access and to deploy XMRig-C3 cryptominers. This campaign was first documented by Aqua Security, but the threat actor has since evolved, implementing defense evasion techniques such as deploying binaries with a unique hash per target and executing the miner payload filelessly—likely to evade detection by CWPP solutions that rely solely on file hash reputation.

References

  1. https://www.wiz.io/blog/postgresql-cryptomining
  2. https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  1. JINX-0164 (Actor)
  2. Pickaxe (Actor)
  3. GhostMiner (Software)
  4. Water Sigbin (Actor)
  5. TRIPLESTRENGTH (Actor)
  6. KingMiner (Software)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.