Found this in our threat feed:
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/l/linux-cryptocurrency-mining-attacks-enhanced-via-chaos-rat-/iocs-linux-cryptocurrency-mining-attacks-enhanced-via-chaos-rat.txt
Trend Micro found a campaign with Chaos RAT dropping XMRig miners, it looks like? The blog post is gone, but the file hashes and IOCs are still there. It looks like we have some coverage via:
2024897 ET USER_AGENTS Go HTTP Client User-Agent
2037145 ET MALWARE Win32/Khaosz.A!MTB Checkin
Of course, the Go HTTP Client User-Agent rule is very generic coverage for any software using the Go language HTTP library's default user-agent. More often than not, that warrants looking at (hunting), but the results may not necessarily be malicious.
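As an added example (not part of the post or of Trend Micro's material), here is one way to triage the two ET signatures above from Suricata EVE JSON: a host that fires the Khaosz checkin rule is flagged for investigation, while a host that only fires the generic Go user-agent rule is listed as a hunt lead. The EVE records below are constructed sample data, and the priority labels are my own assumption, not ET's.

```python
"""Triage Suricata EVE alerts for the two ET signatures named in the post.

Assumption: sid 2037145 (Khaosz checkin) is treated as high-confidence and
sid 2024897 (Go HTTP client UA) as hunt-only unless the same source host
also fired the high-confidence rule."""
import json
from collections import defaultdict

GO_UA_SID = 2024897
KHAOSZ_SID = 2037145

# Constructed sample EVE JSON lines (not real traffic); one JSON object per line.
SAMPLE_EVE = """
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature_id":2024897,"signature":"ET USER_AGENTS Go HTTP Client User-Agent"},"http":{"http_user_agent":"Go-http-client/1.1","hostname":"203.0.113.10"}}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature_id":2037145,"signature":"ET MALWARE Win32/Khaosz.A!MTB Checkin"}}
{"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","alert":{"signature_id":2024897,"signature":"ET USER_AGENTS Go HTTP Client User-Agent"},"http":{"http_user_agent":"Go-http-client/1.1","hostname":"registry.example"}}
{"event_type":"flow","src_ip":"10.0.0.7","dest_ip":"198.51.100.20"}
"""

def triage(eve_text):
    """Return {src_ip: {"priority", "sids", "dests", "uas"}} for the two sids."""
    hosts = defaultdict(lambda: {"sids": set(), "dests": set(), "uas": set()})
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # only alert records carry alert.signature_id
        sid = rec["alert"]["signature_id"]
        if sid not in (GO_UA_SID, KHAOSZ_SID):
            continue
        h = hosts[rec["src_ip"]]
        h["sids"].add(sid)
        h["dests"].add(rec["dest_ip"])
        ua = rec.get("http", {}).get("http_user_agent")
        if ua:
            h["uas"].add(ua)  # keep the UA so the hunt can pivot on it
    for h in hosts.values():
        # The Khaosz checkin is specific enough to act on; the Go UA rule alone
        # is a hunt lead, since any Go binary with the default UA trips it.
        h["priority"] = "investigate" if KHAOSZ_SID in h["sids"] else "hunt"
    return dict(hosts)

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_EVE).items()):
        print(ip, info["priority"], sorted(info["sids"]), sorted(info["dests"]))
```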
#Malware #ThreatIntel #iocs #iocsharing #Snort #Suricata #Cryptojacking #ChaosRAT