Botnet

Tsunami

First seen: 2010 • Status: active

Currently Active Threat

Tsunami is an old but still active Linux botnet that attackers control through IRC chat channels to launch DDoS attacks.

Overview

Tsunami is an IRC-based Linux botnet used for DDoS attacks. Its variants exploit different vulnerabilities and are commonly deployed on compromised servers.

Also Known As

Kaiten, Muhstik

How It Spreads

  • Web application vulnerabilities
  • SSH brute force
  • Container escape

What It Does

  • DDoS attacks
  • IRC-based C2
  • Cryptocurrency mining
  • Backdoor access

Target Platforms

Linux

Detection Tips

  • Monitor for IRC C2 traffic
  • Check for DDoS-related processes
  • Analyze mining activity
  • Review web server logs

MITRE ATT&CK Techniques

T1190 (Exploit Public-Facing Application), T1110 (Brute Force), T1498 (Network Denial of Service), T1071 (Application Layer Protocol)

If You're Infected

  1. Remove Tsunami from systems
  2. Patch exploited vulnerabilities
  3. Block IRC C2 channels
  4. Review container security

Related Malware

Xorddos, Mirai, Gafgyt