Tsunami Malware hidden in a Docker Hub image
June 27, 2020

Two malicious binaries were detected in the container image hildeteamtnt/dockerfirst:latest. The binaries were detected in some of the image’s layers. During runtime the images are set to hijacking the host’s resources and allow the attacker to launch a Denial of Service attack. The image amassed 51 pulls.

Type IOC Details
File b7ad755d71718f2adf3a6358eacd32a3 Path: /usr/bin/dns
File ecf5c4e29490e33225182ef45e255d51 Path: /usr/bin/docker-update
Image hildeteamtnt/dockerfirst:latest https://hub.docker.com/r/hildeteamtnt/dockerfirst
IP address 45[.]9[.]148[.]123 Attacker’s C2 server
IP address 178[.]255[.]151[.]130, 39[.]104[.]93[.]238 Attacker’s IP address
Domain teamtnt[.]red Attacker’s remote resource
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links