Hadooken Malware Targets Weblogic Applications

Sept. 13, 2024, 9:26 a.m.

Description

Aqua Nautilus researchers identified Linux malware, named Hadooken, targeting Oracle WebLogic servers. After gaining initial access through an exploited weak password, Hadooken deploys a cryptominer and the Tsunami malware. The report details the attack flow and the techniques employed by the threat actors, including remote code execution, persistence mechanisms, and lateral movement. It also provides Indicators of Compromise (IOCs) and recommendations for detecting and mitigating such attacks.

Date

Published: Sept. 13, 2024, 9:13 a.m.
Created: Sept. 13, 2024, 9:13 a.m.
Modified: Sept. 13, 2024, 9:26 a.m.

Indicators

1fcc2061f767574044ca1e97f92ca1d44ee0b35e0a796e3bd6a949ad4b1175e5

652f25d8f197ad00e4a64d1ad4066778e1bbc9a0e29faf09b90768c84f89c4ee

185.174.136.204

89.185.85.102

Attack Patterns

Hadooken

Mallox

Tsunami

T1059.008

T1076

T1059.006

T1059.001

T1219

T1499

T1027

T1053

T1190