Tag: tsunami

6 Attack Reports | 0 Vulnerabilities

Attack reports

Q1 2026 Malware Statistics Report for Linux SSH Servers

Analysis of attacks against Linux SSH servers during Q1 2026 reveals P2PInfect worm as the dominant threat, representing 70.3% of all attack sources. DDoS botnets including Mirai, XMRig, Prometei, and CoinMiner were identified as primary threats. A notable campaign involved installing V2Ray proxy t…
xmrig
coinminer
xorddos
mirai
gafgyt
p2pinfect
tsunami
prometei
ssh brute-force
2026-04-14
chinese attribution
credential attacks
ddos botnet
honeypot analysis
linux servers
shellbot
v2ray
v2ray proxy
Published: April 14, 2026
Downloadable IOCs: 1

Hunting Lazarus: Inside the Contagious Interview C2 Infrastructure

A North Korean malware was discovered in an Upwork cryptocurrency project, leading to a five-day investigation into active Lazarus Group infrastructure. The malware utilized three infection mechanisms: VSCode auto-execution, backend RCE via Function Constructor, and cookie payload delivery. The inf…
backdoor
obfuscation
north korea
xmrig
cryptocurrency
supply chain
tsunami
beavertail
vercel
2026-01-15
upwork
vynlence
Published: January 15, 2026
Downloadable IOCs: 8

Docker Gatling Gun Campaign

Recent research has uncovered a new malicious campaign orchestrated by the notorious hacking group TeamTNT. This campaign exploits exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, utilizing compromised servers and Docker Hub as infrastructure for spreading their mali…
campaign
sliver
malicious
cryptomining
docker
tsunami
2024-10-26
exposed-daemons
cloud-native
container-security
docker-swarm
docker-hub
2024-10-29
prochider
Published: October 29, 2024
Downloadable IOCs: 11

Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal

This analysis uncovers a significant infection chain targeting Windows and Linux systems through Oracle WebLogic vulnerabilities. The attackers, likely the 8220 Gang, exploit CVE-2017-10271 and CVE-2020-14883 to deploy malware including K4Spreader, Tsunami backdoor, and cryptominers. The infection …
china
botnet
cryptomining
brazil
pwnrig
tsunami
k4spreader
weblogic
hadooken
2024-10-01
CVE-2017-10271
CVE-2020-14883
Published: October 1, 2024
Linked vulnerabilities : CVE-2023-46604, CVE-2020-14883, CVE-2017-10271
Downloadable IOCs: 62

Hadooken Malware Targets Weblogic Applications

Aqua Nautilus researchers identified a Linux malware, named Hadooken, targeting Oracle WebLogic servers. Upon gaining initial access through an exploited weak password, Hadooken deploys a cryptominer and the Tsunami malware. The report details the attack flow, techniques employed by the threat acto…
linux
backdoor
cryptocurrency
mallox
lateral movement
tsunami
2024-09-13
weblogic
hadooken
Published: September 13, 2024
Downloadable IOCs: 4

Mining Gang's New Tool: k4spreader

QIanxin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and releasing other malware like the Tsunami botnet and PwnRig miner. The tool is s…
botnet
2024-07-02
pwnrig
mining
tsunami
spreader
k4spreader
Published: July 2, 2024
Downloadable IOCs: 35
Click here to see more Attack Reports