
Docker Hub Cryptojacking: Malicious XMRig Image Mining Monero
A platform engineer pulls a public Docker Hub image disguised as a network scanning utility to a shared build-runner. Instead of scanning, the image clones the public xmrig repository, runs a shell launcher, and starts the XMRig miner against the hashvault Monero pool for an attacker wallet, pinning the host CPU for hours and failing over to a second pool when throttled. Reconstruct the cryptojacking chain from endpoint XDR and perimeter firewall telemetry, and classify the key ATT&CK techniques.
Launches in 5 days
Tuesday, July 14, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 14, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever