Skip to main content
Docker Hub Cryptojacking: Malicious XMRig Image Mining Monero operation cover
COMING SOONIntermediatePRO

Docker Hub Cryptojacking: Malicious XMRig Image Mining Monero

A platform engineer pulls a public Docker Hub image disguised as a network scanning utility to a shared build-runner. Instead of scanning, the image clones the public xmrig repository, runs a shell launcher, and starts the XMRig miner against the hashvault Monero pool for an attacker wallet, pinning the host CPU for hours and failing over to a second pool when throttled. Reconstruct the cryptojacking chain from endpoint XDR and perimeter firewall telemetry, and classify the key ATT&CK techniques.

40m
7 tasks
50 points
Pro

Launches in 5 days

Jul 14, 2026

Tuesday, July 14, 2026 at 9:00 AM

View Pro plans

Pro unlocks this operation at launch.

Training Tools

XDRFirewall

What you'll investigate

7 objectives unlock when this operation goes live.

1Incident brief
2Identify the malicious image
3Classify how the container itself was the attack
4Name the miner process
5Recover the mining pool the miner connected to
6Classify the operator's objective
7Recover the attacker's wallet

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 14, 2026, you can jump straight in.

Get Started Free

No credit card required — free forever