Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams

May 2, 2024, 11:13 a.m.

Description

This report details an investigation by JFrog Security researchers into a coordinated attack on Docker Hub, in which millions of malicious repositories were planted to spread malware and phishing scams. It analyzes three major malware campaigns, dubbed 'Downloader', 'eBook Phishing', and 'Website SEO', that exploited Docker Hub's repository documentation feature. The report provides insights into the attackers' tactics, techniques, and infrastructure, highlighting the challenges of moderating open platforms.

Date

Published: May 1, 2024, 7:59 p.m.
Created: May 1, 2024, 7:59 p.m.
Modified: May 2, 2024, 11:13 a.m.

Indicators

Attack Patterns

T1092

T1107

T1197

T1189

T1057

T1071

T1102

T1036

T1027

T1053

T1195

T1190

T1059