Tsunami malware affects Linux systems and spreads by brute forcing SSH or exploiting vulnerable software. It has functionality to act as a DDoS botnet, wipe logs, perform privilege escalation, and mine cryptocurrency with xmrig.
Tsunami commonly uses the IRC protocol for command and control.
https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami