
Hadooken Malware Targets Weblogic Applications

ID: 6552cd9f-81c4-553e-89d5-d8622f22ab8c

STIX ID: report--6552cd9f-81c4-553e-89d5-d8622f22ab8c

Feed Name: Aqua Security Blog

Threat Score: 70/100

Date Published: 2024-09-12

Date Updated: 2026-04-26


Aqua Nautilus discovered and analyzed Hadooken, a Linux malware campaign targeting exposed or misconfigured Oracle WebLogic servers. Attackers gain access via weak credentials and deploy scripts that fetch and execute Hadooken, which drops a cryptominer and a Tsunami binary, establishes persistence via randomized cronjobs, and attempts SSH credential harvesting for lateral movement. The report includes IOCs (two attacker IPs and multiple MD5 hashes) and MITRE ATT&CK mappings alongside detection and mitigation guidance.
