| Type | IOC | Details |
| --- | --- | --- |
| File | b7ad755d71718f2adf3a6358eacd32a3 | Path: /usr/bin/dns |
| File | ecf5c4e29490e33225182ef45e255d51 | Path: /usr/bin/docker-update |
| Image | hildeteamtnt/dockerfirst:latest | https://hub.docker.com/r/hildeteamtnt/dockerfirst |
| IP address | 45[.]9[.]148[.]123 | Attacker’s C2 server |
| IP address | 178[.]255[.]151[.]130, 39[.]104[.]93[.]238 | Attacker’s IP address |
| Domain | teamtnt[.]red | Attacker’s remote resource |