| Type | IOC | Details |
| File | 82fb0bfddcd0b8e7660b6fcfdc3fc461 | Path: /usr/bin/moneroocean |
| File | 8c5073a491ab099d2601f99d9a45f005 | Path: /usr/bin/tsdh |
| File | df386df8c8a376686f788ceff1216f11 | Path: /usr/bin/kube |
| File | eeb92e008901272242a0df254d720e76 | Path: /usr/bin/first |
| File | b8568c474fc342621f748a5e03f71667 | Path: /usr/bin/bioset |
| File | c297e55ca52589d9e885b31b510458f5 | Path: tmp/xmrig |
| File | 4882879ffdac39219bef1146433ec54f | Path: /usr/bin/tntscan |
| File | 8ffdba0c9708f153237aabb7d386d083 | Path: /usr/bin/docker-update |
| File | 00fd2f883600db5c06c7f44f4dcc7e82 | Path: /usr/bin/skypool |
| File | e6b643c527de53ce134f25bfb17a77f | Path: /root/diamorphine.c |
| Image | hildeteamtnt/pause-amd64:3.4 | https://hub.docker.com/r/hildeteamtnt/pause-amd64 |
| IP address | http[:]//85[.]214[.]149[.]236[:]443 | Attacker’s C2 server |
| IP address | 178[.]255[.]151[.]130, 39[.]104[.]93[.]238 | Attacker’s IP address |
| Domain | teamtnt[.]red | Attacker’s remote resource |
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
