Tsunami

Malware Profile Updated 2 months ago
The "Tsunami" malware, a malicious software designed to exploit and damage computer systems, has caused significant cybersecurity disruptions globally. This malware, whose variants include xmrigDeamon, Bioset, dns3, xmrigMiner, docker-update, dns, 64[watchdogd], 64bioset, 64tshd, armbioset, armdns, armtshd, tntscan, SystemHealt, and AVscan, is capable of stealing personal information, disrupting operations, and even holding data hostage for ransom. The Tsunami malware was notably used in illicit online gambling activities by Chinese punters, with much of it organized in South-East Asia by ethnic-Chinese gangs. On October 2, 2023, the Federal Acquisition Regulation (FAR) Council—comprising the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA)—issued two proposed rules in response to this cybersecurity threat. However, the challenge now lies not only in protecting organizations but also in complying with an increasing wave of cyber regulations worldwide. The Tsunami malware has also been linked to Distributed Denial of Service (DDoS) attacks—an online onslaught that can last for days or even months, overwhelming any business. The Tsunami malware's impact extends beyond individual systems—it has potential downstream effects on managed service providers (MSPs) due to its ability to exploit widely-used applications for connectivity. Similar to the Kaseya attacks businesses faced in 2021, threat actors could use MSPs for downstream access, leading to a surge of cybersecurity incidents. Moreover, as many people reuse usernames and passwords, malicious actors could embark on a wave of credential-stuffing attacks. This increase in connectivity represents a disaster from a security and privacy perspective, making each object remotely hackable.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
TeamTNT | 3 | TeamTNT, a threat actor group known for its malicious activities, has been implicated in a series of sophisticated attacks on Kubernetes, one of the most complex to date. The group is notorious for deploying malware, specifically the Hildegard malware, which was identified during a new campaign. The
Xmrig | 3 | XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for
Kaiten | 3 | Kaiten, also known as Tsunami, is a malware variant that operates as a Distributed Denial of Service (DDoS) bot and an IRC bot. It targets vulnerable Internet of Things (IoT) devices and poorly protected Linux SSH servers, often being distributed alongside other DDoS bots like Mirai and Gafgyt. The
Shellbot | 2 | ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Ziggy | 2 | Ziggy is a malicious software (malware) known for its damaging and exploitative capabilities. This malware, along with xmrig, can be downloaded and executed via specific scripts. It is associated with various hosted files including TDGG, api.key, tmate, tt.sh, sGAU.sh, t.sh, x86_64.so, xmr.sh, xmrig
Denim Tsunami | 1 | None
Gafgyt | 1 | Gafgyt, also known as Bashlite, is a form of malware that infects Linux architecture operating systems to launch Distributed Denial of Service (DDoS) attacks. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrup
Chinaz Ddos Bot | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Cryptominer
Botnet
Ddos
SSH
Docker
Bot
Linux
Exploit
Backdoor
Ddos Botnet
Ransomware
Payload
Microsoft
Worm
Police
Defence
Phishing
Bitsight
Ics
Downloader
Vulnerability
Denial of Se...
Moveit
Zero Day
Credentials
Spyware
Fraud
Sec
Chinese
Asia
Nist
Associated Malware
ID | Type | Votes | Profile Description
Xmrig Coinminer | Unspecified | 2 | XMRig CoinMiner is a type of malware that has been identified as part of a wave of attacks on poorly managed Linux SSH servers. These attacks, often conducted by threat actors installing multiple malware families, have been observed to include other harmful software such as ShellBot, Tsunami, and Ch
Mirai | Unspecified | 2 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Kaiten Variant | Unspecified | 1 | None
Octopus | Unspecified | 1 | Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for
Jupyter | Unspecified | 1 | Jupyter, also known as SolarMarker, Yellow Cockatoo, and Jupyter Infostealer, is a malware that has been steadily evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). It is designed to exploit and damage computer sy
Kinsing | Unspecified | 1 | Kinsing is a type of malware, malicious software designed to infiltrate and damage computer systems without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites, with potential impacts ranging from stealing personal information to disrupting operations or even
Associated Threat Actors
ID | Type | Votes | Profile Description
Charming Kitten | Unspecified | 1 | Charming Kitten, an Iranian Advanced Persistent Threat (APT) group also known as ITG18, Phosphorous, and TA453, is a notable threat actor in the cybersecurity landscape. The group has exhibited significant sophistication in its operations, leveraging advanced social engineering techniques to comprom
Crimson Sandstorm | Unspecified | 1 | Crimson Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran, has been identified as a significant threat actor in the cybersecurity landscape. This entity, potentially connected to the Islamic Revolutionary Guard Corps and active since at least 2017, targets victims across diverse se
Anonymous Sudan | Unspecified | 1 | Anonymous Sudan, a threat actor group, has been responsible for several high-profile Distributed Denial of Service (DDoS) attacks. The group's activities have been notable for their political motivations and disruptive impact on targeted organizations. A DDoS attack overwhelms a network or service w
Silentbob | Unspecified | 1 | Silentbob, a threat actor linked to the infamous cryptojacking group known as TeamTNT, has been identified as a significant cybersecurity concern. Silentbob has been involved in an aggressive cloud campaign, infecting as many as 196 hosts. The activity is named after an AnonDNS domain set up by the
KillNet | Unspecified | 1 | Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Dockgeddon | Unspecified | 1 | Dockgeddon is a threat actor identified by Lacework Labs through their Docker API honeypot. The honeypot detected a container image named "dockgeddon" being created from the Megawebmaster account, which is known for its association with TeamTNT utilities. This discovery was made possible through the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Tsunami malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
BankInfoSecurity | 3 months ago | After XZ Utils, More Open-Source Maintainers Under Attack
BankInfoSecurity | 3 months ago | Phishing Attacks Targeting Political Parties, Germany Warns
CERT-EU | 4 months ago | Eric Vedel, Cisco: Defence technologies must capitalise on Gen AI technologies – Global Security Mag Online
CERT-EU | 4 months ago | A patched Windows attack surface is still exploitable
CERT-EU | 4 months ago | Neterra Sees 100% Increase in DDoS Attacks Blocked in 2023 – Global Security Mag Online
CERT-EU | 4 months ago | The Quad: Can This Democratic Coalition Bolster Global Health Security?
DARKReading | 5 months ago | ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware
CERT-EU | 5 months ago | ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 5 months ago | Bitsight unveils fully integrated solution for managing entire third-party risk lifecycle
Securityaffairs | 6 months ago | Historic data leak reveals 26 billion records: check what's exposed
CERT-EU | 6 months ago | Search | arXiv e-print repository
CERT-EU | 6 months ago | As Two Billion People go to the Polls in 2024, Foundational LLMs and Misinformation are "The Perfect Storm"
CERT-EU | 6 months ago | Understanding the Escalating Threat of Web DDoS Tsunami Attacks
CERT-EU | 6 months ago | Plum Book, Twitter, Planner Apps, More: Tuesday Afternoon ResearchBuzz, January 2, 2024
CERT-EU | 6 months ago | The Hindu Morning Digest: December 31, 2023
CERT-EU | 7 months ago | 2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm
CERT-EU | 7 months ago | Researchers warn of a surge in attacks on poorly secured Linux SSH servers
BankInfoSecurity | 7 months ago | New Attack Campaign Targets Poorly Managed Linux SSH Servers
Securityaffairs | 7 months ago | Experts analyzed attacks against poorly managed Linux SSH servers
CERT-EU | 7 months ago | IT security strategies to protect against ransomware, data breaches | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting