New Golang Worm Drops XMRig Miner on Servers
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Password Spraying - T1110.003 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Brute Force - T1110 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 99bb62ad-cf59-4b10-bf5c-f92151ee7329
Fingerprint 25a33c39c9722e83
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 29, 2020, 2:13 p.m.
Added to db Sept. 11, 2022, 12:38 p.m.
Last updated Dec. 21, 2024, 9:08 a.m.
Headline Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers
Title New Golang Worm Drops XMRig Miner on Servers
Detected Hints/Tags/Attributes 55/2/14
Source URLs
Redirection Url
Details Source https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
URL Provider
Details Provider Source level domain
Details intezer.com www.intezer.com
Attributes
Details Type #Events CTI Value
Details CVE 76 
cve-2020-14882
Details Domain 2 
ld.sh
Details Domain 12 
ldr.sh
Details Domain 26 
os.name
Details Domain 1 
weblogic.work
Details File 1 
ld.ps1
Details File 5 
ldr.ps1
Details File 3 
1.jsp
Details File 25 
c.exe
Details File 8 
work.exe
Details File 2328 
cmd.exe
Details File 1 
weblogic.xml
Details md5 1 
ead2cf8ab7aef63706b40eb57d668d0a
Details IPv4 3 
185.239.242.71