Docker Gatling Gun Campaign
Oct. 29, 2024, 1:57 p.m.
Description
Recent research has uncovered a new malicious campaign orchestrated by the notorious hacking group TeamTNT. The campaign exploits exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as infrastructure for spreading its payloads. TeamTNT leverages native cloud capabilities by adding compromised Docker instances to a Docker Swarm and using Docker Hub to store and distribute its malware, with the aim of renting out victims' computational resources to third parties for cryptomining operations.
Date
Published: Oct. 29, 2024, 1:51 p.m.
Created: Oct. 29, 2024, 1:51 p.m.
Modified: Oct. 29, 2024, 1:57 p.m.
Indicators
5bb45f372fb4df6a9c6a5460fa1845f5e96af53aa41939eb251cbe989a5cac6c
43545f6cd370e6f200347bd9bbafdc3d94240775d816cd5e24dc8072d0f1c9b5
0af1b8cd042b6e2972c8ef43d98c0a0642047ec89493d315909629bcf185dffd
95.182.101.23
45.154.2.77
devnull.anondns.net
teamtnt.red
solscan.store
solscan.online
solscan.one
solscan.life
Attack Patterns
prochider
Sliver
TeamTNT
T1589
T1185
T1119
T1137
T1539
T1583
T1567
T1555
T1199
T1218
T1496
T1053
T1190
T1059