Advisory | Malware Intelligence
Malware | Gitpaste-12
Targets | x86 Linux servers; Linux ARM and MIPS devices (IoT)
Known vulnerabilities targeted by the malware
CVE-2017-14135 | OpenDreambox webadmin plugin
CVE-2020-24217 | HiSilicon based IPTV/H.264/H.265 video encoder |
CVE-2017-5638 | Apache Struts |
CVE-2020-10987 | Tenda router |
CVE-2014-8361 | Miniigd SOAP service in Realtek SDK |
CVE-2020-15893 | UPnP in D-Link routers
CVE-2013-5948 | Asus routers |
EDB-ID: 48225 | Netlink GPON Router |
EDB-ID: 40500 | AVTECH IP Camera |
CVE-2019-10758 | mongo-express (web-based MongoDB admin interface)
CVE-2017-17215 | Huawei router |
Malware Components
- Miner module
- Hide.so defense evasion module
- Miner Config
- Shell Script
Impact
Technical Impact
- Unauthorized access to filesystem and operating system functionalities.
- Disables security solutions without the user's consent, creating a false sense of security.
- Unauthorized resource consumption for crypto mining.
Business Impact
- Performance loss of servers and other assets due to excessive crypto-mining.
- Violation of confidentiality, integrity, and availability of information systems leading to loss of trust and reputation.
- Cost of remediation to “clean” the infected systems.
Mitigation
- Patch or retire devices affected by the vulnerabilities listed above; every entry is a known, publicly exploited issue.
- Deployment of a host-based intrusion detection and prevention system (IDPS).
- Strict firewall filtering, including egress filtering of the service ports listed under IOCs.
- Up-to-date monitoring tools and endpoint detection and response (EDR) solutions.
- Effective traffic control and monitoring.
- Effective resource usage monitoring (sustained high CPU on a server or IoT device is the most visible sign of the miner).
Indicators of Compromise (IOCs)
URLs
Service Ports
- 30004/TCP
- 30005/TCP
Components
- Miner
- Hide.so
- Miner Config
- Shell script
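The following host triage script is an added example and is not part of the original advisory nor code from the Gitpaste-12 authors. It turns the mitigation items above (traffic monitoring, resource usage monitoring) and the IOC service ports into three concrete checks a responder can run on a Linux host: established TCP connections whose peer port is 30004 or 30005, shared objects listed in /etc/ld.so.preload, and processes consuming miner-like CPU. Two things are assumptions rather than facts from the advisory: that the hide.so evasion module is loaded through /etc/ld.so.preload (the usual way an LD_PRELOAD-style hider is persisted), and the 80% CPU threshold. The `ss`, preload-file and `ps` texts embedded in the block are constructed samples, not real captures.

```python
"""Host triage for the Gitpaste-12 indicators in this advisory (added example)."""
import re
import shutil
import subprocess
from pathlib import Path

IOC_PORTS = {30004, 30005}   # service ports from the advisory's IOC list
CPU_THRESHOLD = 80.0         # assumption: sustained %CPU above this is miner-like
PRELOAD_FILE = Path("/etc/ld.so.preload")  # assumption: where hide.so would be registered

# Constructed sample of `ss -tnp` output (not a real capture). The process
# name "ls" holding the IOC connection is made up for the example.
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB   0      0      10.0.0.5:51322      198.51.100.7:30005 users:(("ls",pid=4242,fd=3))
ESTAB   0      0      10.0.0.5:22         10.0.0.9:53011     users:(("sshd",pid=1201,fd=4))
ESTAB   0      0      10.0.0.5:40110      203.0.113.10:443   users:(("curl",pid=777,fd=5))
"""

# Constructed sample of /etc/ld.so.preload contents.
SAMPLE_PRELOAD = "/usr/lib/hide.so\n"

# Constructed sample of `ps -eo pid,pcpu,comm --no-headers` output.
SAMPLE_PS = """\
   1   0.0 systemd
1201   0.1 sshd
4242  97.3 ls
"""


def find_ioc_connections(ss_output, ports=IOC_PORTS):
    """Return (pid, peer) for every socket whose peer port is an IOC port.

    Parses `ss -tnp` columns: State Recv-Q Send-Q Local Peer Process.
    """
    hits = []
    for line in ss_output.splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 5:
            continue
        peer = cols[4]
        try:
            port = int(peer.rsplit(":", 1)[1])  # rsplit also handles [v6]:port
        except (IndexError, ValueError):
            continue                             # e.g. "*:*" wildcards
        if port in ports:
            m = re.search(r"pid=(\d+)", line)
            hits.append((int(m.group(1)) if m else None, peer))
    return hits


def find_preload_hooks(preload_text):
    """Return every shared object listed in ld.so.preload.

    A non-empty preload file is itself unusual on a server or IoT device;
    an entry named hide.so is a direct match for the advisory's component list.
    """
    return [ln.strip() for ln in preload_text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def find_cpu_hogs(ps_output, threshold=CPU_THRESHOLD):
    """Return (pid, pcpu, comm) for processes at or above the CPU threshold."""
    hogs = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        pid, pcpu, comm = parts
        if float(pcpu) >= threshold:
            hogs.append((int(pid), float(pcpu), comm))
    return hogs


def triage(ss_output, preload_text, ps_output):
    """Run all three checks over captured text and return the findings."""
    return {
        "ioc_connections": find_ioc_connections(ss_output),
        "preload_hooks": find_preload_hooks(preload_text),
        "cpu_hogs": find_cpu_hogs(ps_output),
    }


def triage_live():
    """Run the same checks against this host (Linux with ss and ps available)."""
    def run(cmd):
        if not shutil.which(cmd[0]):
            return ""
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    preload = PRELOAD_FILE.read_text() if PRELOAD_FILE.exists() else ""
    return triage(run(["ss", "-tnp"]), preload,
                  run(["ps", "-eo", "pid,pcpu,comm", "--no-headers"]))


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SS, SAMPLE_PRELOAD, SAMPLE_PS).items():
        print(f"{key}: {value}")
```

Caveat: a process hidden by an LD_PRELOAD hook is invisible to `ps` and `ss` run through the hooked libc, so on a compromised host the preload-file check (or reading /proc from a statically linked tool, or a network-side view of the 30004/30005 traffic) is the one that still works; the CPU and socket checks are most trustworthy from a clean forensic boot or from an EDR agent that does not go through the hooked loader.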