GoBruteforcer Botnet

TLP

TLP CLEAR

Authors

Sebastien Tricaud, David Deflache

Summary

GoBruteforcer is a newly discovered Golang-based malware that targets web servers running phpMyAdmin, MySQL, FTP, and Postgres services. The malware was found on a legitimate website and supports different processor architectures. It deploys an IRC bot for communication with the attacker’s server, and its attack succeeds only under specific conditions and against weak passwords. Palo Alto Networks offers protections against malware like GoBruteforcer through its security services. The malware’s attack chain involves scanning the network, gaining access via brute force, deploying the IRC bot, and querying the victim system with a PHP web shell. GoBruteforcer primarily targets Unix-like platforms and is believed to be under active development, so its infection vectors and payloads may change.

CATEGORY

Malware

References

  • https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/

MITRE ATT&CK