ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Summary
The ShadowV2 botnet targets misconfigured Docker containers on AWS to deploy Go-based malware, turning infected systems into DDoS attack nodes. The botnet uses advanced DDoS techniques and a Python-based C2 framework hosted on GitHub Codespaces. It incorporates a Python-based spreader module to breach Docker daemons and a Go-based RAT for command execution and communication. The botnet is designed to offer a DDoS-for-Hire service, with an extensive API and user interface. The botnet was first detected on June 24, 2025. It uses sophisticated methods such as HTTP/2 Rapid Reset and Cloudflare UAM bypass. The C2 server is hosted behind Cloudflare, and the botnet leverages containerization and modular functionality to deliver attacks.
Timeline
- 23.09.2025 14:26 (1 article)
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
- Source: ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service (thehackernews.com, 23.09.2025 14:26)
Information Snippets
- The ShadowV2 botnet targets misconfigured Docker containers on AWS cloud servers.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet deploys Go-based malware to turn infected systems into DDoS attack nodes.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet uses a Python-based C2 framework hosted on GitHub Codespaces.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet incorporates a Python-based spreader module to breach Docker daemons.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet uses a Go-based remote access trojan (RAT) for command execution and communication.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet uses advanced DDoS techniques such as HTTP/2 Rapid Reset and Cloudflare UAM bypass.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet is designed to offer a DDoS-for-Hire service, with an extensive API and user interface.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet was first detected on June 24, 2025.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The C2 server is hosted behind Cloudflare to conceal its true origins.
  First reported: 23.09.2025 14:26 (1 source, 1 article)
- The botnet leverages containerization and modular functionality to deliver attacks.
  First reported: 23.09.2025 14:26 (1 source, 1 article)