Exposed Docker Server Abused to Drop Cryptominer DDoS Bot
Common Information

| Type | Value |
|---|---|
| UUID | bd7259b0-d425-404b-8deb-5cc5a5deedb5 |
| Fingerprint | 380799988567632f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 8, 2020, midnight |
| Added to db | Oct. 15, 2024, 9:35 p.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot |
| Title | Exposed Docker Server Abused to Drop Cryptominer DDoS Bot |
| Detected Hints/Tags/Attributes | 51/2/14 |
Attributes

| Type | #Events | CTI Value | Attribute |
|---|---|---|---|
| CVE | 38 | | cve-2019-3396 |
| CVE | 122 | | cve-2017-5638 |
| Domain | 2 | | c4k.xpl.pwndns.pw |
| File | 12 | | d.py |
| File | 12 | | trojan.py |
| File | 2 | | kaiten.amv |