Tsunami Malware found hidden in image hildeteamtnt/AVscan
August 4, 2020

Two malicious binaries were detected in some of the layers of the container image hildeteamtnt/avscan:latest. At runtime, the image is set to hijack the host’s resources and can launch a Denial of Service attack. The image amassed 62 pulls.

| Type | IOC | Details |
|---|---|---|
| File | cb782b40757d1aba7a3ab7db57b50847 | Path: root/SystemHealt |
| File | b27eb2159c808f844d60900e2c81a4df | Path: root/AVscan |
| Image | hildeteamtnt/avscan:latest | https://hub.docker.com/r/hildeteamtnt/avscan |
| IP address | 178[.]255[.]151[.]130 | Attacker’s IP address |