Go malware on the rise - Avast Threat Labs
Tags
country: Russia
attack-pattern: Data Direct Botnet - T1583.005 Botnet - T1584.005 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Unix Shell - T1059.004 Web Service - T1481 Unix Shell - T1623.001 Powershell - T1086 Web Service - T1102
Show in Graph
Common Information
Type Value
UUID 59714bbd-2655-47e4-b523-af0f79131238
Fingerprint b5163b0905f79681
Analysis status DONE
Considered CTI value 2
Text language
Published July 13, 2022, 1:35 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 8, 2024, 9:35 a.m.
Headline Go malware on the rise
Title Go malware on the rise - Avast Threat Labs
Detected Hints/Tags/Attributes 63/2/24
Source URLs
Redirection Url
Details Source https://decoded.avast.io/davidalvarez/go-malware-on-the-rise/
Details Source https://decoded.avast.io/davidalvarez/go-malware-on-the-rise/?utm_source=rss&utm_medium=rss&utm_campaign=go-malware-on-the-rise
URL Provider
Details Provider Source level domain
Details avast.io decoded.avast.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 100 Avast Threat Labs https://decoded.avast.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 3 
cve-2021-24098
Details CVE 1 
cve-2021-28312
Details Domain 1 
config.fish
Details Domain 4 
bashupload.com
Details Domain 1 
backdoor-archive.zip
Details File 12 
report.txt
Details File 4 
agent.log
Details File 1 
backdoor-archive.zip
Details File 1 
run-script.ps1
Details sha256 1 
34366a8dab6672a6a93a56af7e27722adc9581a7066f9385cd8fd0feae64d4b0
Details sha256 1 
147aac7a9e7acfd91edc7f09dc087d1cd3f19c4f4d236d9717a8ef43ab1fe6b6
Details sha256 1 
1945fb3e2ed482c5233f11e67ad5a7590b6ad47d29c03fa53a06beb0d910a1a0
Details sha256 1 
4a1bb0a3a83f56b85f5eece21e96c509282fec20abe2da1b6dd24409ec6d5c4d
Details sha256 1 
6cfe724eb1b1ee1f89c433743a82d521a9de87ffce922099d5b033d5bfadf606
Details sha256 1 
71b2c5a263131fcf15557785e7897539b5bbabcbe01f0af9e999b39aad616731
Details sha256 1 
99d523668c1116904c2795e146b2c3be6ae9db67e076646059baa13eeb6e8e9b
Details sha256 1 
fe7369b6caf4fc755cad2b515d66caa99ff222c893a2ee8c8e565121945d7a9c
Details sha256 1 
97195b683fb1f6f9cfb6443fbedb666b4a74e17ca79bd5e66e5b4e75e609fd22
Details sha256 1 
edcfdc1aa30a94f6e12ccf3e3d1be656e0ec216c1e852621bc11b1e216b9e001
Details IPv4 2 
45.95.55.24
Details IPv4 1 
185.174.136.162
Details Url 1 
http://185.174.136.162/4ejski_bejenec
Details Url 1 
https://bashupload.com
Details Url 1 
https://bashupload.com/backdoor-archive.zip