Hadooken Malware Targets WebLogic Applications
Sept. 13, 2024, 9:26 a.m.
Description
Aqua Nautilus researchers identified Linux malware, named Hadooken, targeting Oracle WebLogic servers. After gaining initial access through an exploited weak password, Hadooken deploys a cryptominer and the Tsunami malware. The report details the attack flow and the techniques employed by the threat actors, including remote code execution, persistence mechanisms, and lateral movement. It also provides Indicators of Compromise (IOCs) and recommendations for detecting and mitigating such attacks.
Date
Published: Sept. 13, 2024, 9:13 a.m.
Created: Sept. 13, 2024, 9:13 a.m.
Modified: Sept. 13, 2024, 9:26 a.m.
Indicators
1fcc2061f767574044ca1e97f92ca1d44ee0b35e0a796e3bd6a949ad4b1175e5
652f25d8f197ad00e4a64d1ad4066778e1bbc9a0e29faf09b90768c84f89c4ee
185.174.136.204
89.185.85.102
Attack Patterns
Hadooken
Mallox
Tsunami
T1059.008
T1076
T1059.006
T1059.001
T1219
T1499
T1027
T1053
T1190