Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
May 2, 2024, 11:13 a.m.
Description
This report details an investigation by JFrog Security researchers into a coordinated attack on Docker Hub, in which millions of malicious repositories were planted to spread malware and phishing scams. It analyzes three major malware campaigns, dubbed 'Downloader', 'eBook Phishing', and 'Website SEO', that exploited Docker Hub's repository documentation feature. The report provides insights into the attackers' tactics, techniques, and infrastructure, highlighting the challenges of moderating open platforms.
Date
Published: May 1, 2024, 7:59 p.m.
Created: May 1, 2024, 7:59 p.m.
Modified: May 2, 2024, 11:13 a.m.
Indicators
Attack Patterns
T1092
T1107
T1197
T1189
T1057
T1071
T1102
T1036
T1027
T1053
T1195
T1190
T1059