Docker Gatling Gun Campaign

Oct. 29, 2024, 1:57 p.m.

Description

Recent research has uncovered a new malicious campaign orchestrated by the notorious hacking group TeamTNT. This campaign exploits exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as infrastructure for spreading its malicious payloads. TeamTNT is leveraging native cloud capabilities by appending compromised Docker instances to a Docker Swarm and using Docker Hub to store and distribute its malware, aiming to rent out victims' computational resources to third parties for cryptomining operations.

Date

Published: Oct. 29, 2024, 1:51 p.m.

Created: Oct. 29, 2024, 1:51 p.m.

Modified: Oct. 29, 2024, 1:57 p.m.

Indicators

Attack Patterns

prochider

Sliver

TeamTNT

T1589

T1185

T1119

T1137

T1539

T1583

T1567

T1555

T1199

T1218

T1496

T1053

T1190

T1059