Hadooken Malware Targets Weblogic Applications

Aqua Nautilus researchers identified a Linux malware strain, named Hadooken, targeting Oracle WebLogic servers. After gaining initial access through a weak password, Hadooken deploys a cryptominer and the Tsunami malware. The report details the attack flow and the techniques employed by the threat actors, including remote code execution, persistence mechanisms, and lateral movement. It also provides Indicators of Compromise (IOCs) and recommendations for detecting and mitigating such attacks. Author: AlienVault

Related Tags:
Hadooken
Tsunami
mallox
lateral movement
T1059.001
T1059.006
T1059.008
T1076
T1499

Associated Indicators (file hashes, grouped by digest type):
SHA256: 1FCC2061F767574044CA1E97F92CA1D44EE0B35E0A796E3BD6A949AD4B1175E5
SHA1: 4A3DC35D4853665D4D08F0C5220E650F28EB9C06
SHA1: 94851BCC8F9C651BCDA0FF33D17356CB0B16CF12
MD5: 4A12098C3799CE17D6D59DF86ED1A5B6
MD5: 9BEA7389B633C331E706995ED4B3999C
MD5: CDF3FCE392DF6FBB3448C5D26C8D053E
MD5: 249871CB1C396241C9FCD0FD8F9AD2AE
MD5: C1897EA9457343BD8E73F98A1D85A38F
MD5: 8EEF5AA6FA9859C71B55C1039F02D2E6