Doki Infecting Docker Servers in the Cloud
released on 2020-07-29 @ 03:34:27 PM
Recently, Intezer Labs has detected a new malware payload that is different from the standard cryptominers typically deployed in Docker container attacks. Doki uses a previously undocumented method to contact its operator by abusing the Dogecoin cryptocurrency blockchain in a unique way in order to dynamically generate its C2 domain address. The malware is a fully undetected backdoor which we have named Doki.