| Type | IOC | Details |
|---|---|---|
| File | 82fb0bfddcd0b8e7660b6fcfdc3fc461 | Path: /usr/bin/moneroocean |
| File | 8c5073a491ab099d2601f99d9a45f005 | Path: /usr/bin/tsdh |
| File | df386df8c8a376686f788ceff1216f11 | Path: /usr/bin/kube |
| File | eeb92e008901272242a0df254d720e76 | Path: /usr/bin/first |
| File | b8568c474fc342621f748a5e03f71667 | Path: /usr/bin/bioset |
| File | c297e55ca52589d9e885b31b510458f5 | Path: tmp/xmrig |
| File | 4882879ffdac39219bef1146433ec54f | Path: /usr/bin/tntscan |
| File | 8ffdba0c9708f153237aabb7d386d083 | Path: /usr/bin/docker-update |
| File | 00fd2f883600db5c06c7f44f4dcc7e82 | Path: /usr/bin/skypool |
| File | e6b643c527de53ce134f25bfb17a77f | Path: /root/diamorphine.c |
| Image | hildeteamtnt/pause-amd64:3.4 | https://hub.docker.com/r/hildeteamtnt/pause-amd64 |
| IP address | http[:]//85[.]214[.]149[.]236[:]443 | Attacker’s C2 server |
| IP address | 178[.]255[.]151[.]130, 39[.]104[.]93[.]238 | Attacker’s IP address |
| Domain | teamtnt[.]red | Attacker’s remote resource |