Exposed Docker Server Abused to Drop Cryptominer DDoS Bot
Common Information
Type Value
UUID fc479551-8a86-4a6f-bcd1-f25064696f0b
Fingerprint b80789988567630f
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 8, 2020, midnight
Added to db Sept. 11, 2022, 12:42 p.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
Title Exposed Docker Server Abused to Drop Cryptominer DDoS Bot
Detected Hints/Tags/Attributes 51/2/15
Attributes
Type #Events CTI Value
CVE 38 cve-2019-3396
CVE 122 cve-2017-5638
Domain 2 c4k.xpl.pwndns.pw
File 12 d.py
File 12 trojan.py
File 2 kaiten.amv