The attacker uses a Docker Hub user to host a specific container designed to appear innocuous as a MySQL image for Docker. Static analysis of the malware’s ELF executable revealed a 64-bit, statically ...