Commando Cat A Novel Cryptojacking Attack Abusing Docker Remote API Servers
This report details a cryptojacking campaign exploiting exposed Docker remote API servers. Threat actors employ the cmd.cat/chattr Docker image for initial access utilizing techniques like chroot and volume binding to break out of the container and access host systems. They deploy cryptocurrency miners and establish command and control infrastructure. The analysis provides indicators of compromise recommended mitigations and relevant MITRE ATT&CK techniques.