Gitpaste-12 Malware Targets Multiple Known Vulnerabilities

Published on December 1, 2020 | 10:39 PM IST


Advisory type: Malware Intelligence
Malware: Gitpaste-12
Targets: x86 Linux servers; Linux ARM and MIPS devices (IoT)

Gitpaste-12 is wormable malware that builds a botnet of compromised Linux hosts for crypto-mining. It spreads by brute-forcing passwords and by exploiting known vulnerabilities (listed below) on hosts reachable from an infected machine. The malware hosts its code and payloads on GitHub and Pastebin, and a Pastebin page serves as the Command and Control (C&C) channel through which the bots receive instructions.

As part of its defence evasion, the malware disables firewalls, security monitoring agents and Linux AppArmor, among other protections, to prepare the environment for further compromise. Besides x86 servers it also targets lower-end ARM and MIPS systems, in particular IoT devices.

Known vulnerabilities targeted by the malware

  • CVE-2017-14135   Webadmin plugin for OpenDreambox
  • CVE-2020-24217   HiSilicon-based IPTV/H.264/H.265 video encoders
  • CVE-2017-5638    Apache Struts 2
  • CVE-2020-10987   Tenda router
  • CVE-2014-8361    miniigd SOAP service in the Realtek SDK
  • CVE-2020-15893   UPnP in D-Link routers
  • CVE-2013-5948    ASUS routers
  • EDB-ID 48225     Netlink GPON router
  • EDB-ID 40500     AVTECH IP camera
  • CVE-2019-10758   mongo-express (web admin interface for MongoDB)
  • CVE-2017-17215   Huawei router

Note: EDB-ID = Exploit Database (exploit-db.com) ID


Malware Components

  • Miner module
  • Defence evasion module
  • Miner config
  • Shell script



Technical Impact

  • Unauthorized access to the filesystem and operating system functionality.
  • Security controls disabled without the operator's knowledge, creating a false sense of security.
  • Unauthorized resource consumption for crypto-mining.


Business Impact

  • Performance loss on servers and other assets due to crypto-mining load.
  • Violation of the confidentiality, integrity and availability of information systems, leading to loss of trust and reputation.
  • Cost of remediation to clean the infected systems.


Recommendations

  • Deploy a host-based intrusion detection and prevention system (IDPS).
  • Apply strict firewall filtering, and alert when firewall rules are flushed or AppArmor is disabled.
  • Keep monitoring tools and endpoint detection and response (EDR) agents up to date.
  • Patch the products listed above against the vulnerabilities the malware exploits, and enforce strong, non-default credentials on exposed services.
  • Control and monitor network traffic, including outbound connections to paste and code-hosting sites.
  • Monitor resource usage: sustained, unexplained CPU load is a typical sign of a miner.


Indicators of Compromise (IOCs)

Service Ports

  • 30004/TCP
  • 30005/TCP

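The following triage script is an added example and is not part of the advisory or of the malware's own tooling. It turns the indicators above (TCP 30004/30005 in a LISTEN state) and the defence-evasion behaviour described earlier (firewall flushed, AppArmor switched off) into checks that read ordinary command output on stdin, so they can be run against a live host or, as at the end of the block, against a constructed `ss -ltn` sample. The port list, the sample output and the function names are the example's own assumptions; nothing here changes host state.

```shell
#!/bin/sh
# Added example (not from the advisory): host-side triage for the Gitpaste-12
# indicators given above. Each check reads command output from stdin, so the
# same function serves a live host and the constructed sample at the bottom.

GITPASTE_PORTS="30004 30005"   # service ports from the IOC section (assumed list)

# Reads `ss -ltn` (or `netstat -ltn`) output on stdin and prints every IOC port
# found in a LISTEN state, one per line. Exit 0 if any was found, 1 if none.
find_ioc_ports() {
    awk -v ports="$GITPASTE_PORTS" '
        BEGIN { n = split(ports, want, " "); for (i = 1; i <= n; i++) wanted[want[i]] = 1 }
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                f = $i
                if (f !~ /:[0-9]+$/) continue        # only addr:port fields
                sub(/.*:/, "", f)                    # keep the port number
                if ((f in wanted) && !seen[f]++) { print f; hit = 1 }
            }
        }
        END { exit hit ? 0 : 1 }'
}

# Reads `iptables -S` output on stdin. Exit 0 when every built-in chain has
# policy ACCEPT and no rules remain, which is what "disables firewalls" leaves
# behind (also the state of a host that never had rules, so treat it as a lead,
# not proof). Exit 1 if any chain policy is DROP/REJECT or any rule exists.
firewall_flushed() {
    awk '
        /^-P / && $3 != "ACCEPT" { restrictive = 1 }
        /^-A / { rules++ }
        END { exit (restrictive || rules) ? 1 : 0 }'
}

# AppArmor state from sysfs: the kernel exposes "Y" when the LSM is enabled.
# Exit 0 when AppArmor is present but disabled, 1 otherwise (or if absent).
apparmor_disabled() {
    state=$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null) || return 1
    [ "$state" = "N" ]
}

# Runs the three checks against the live host and prints WARN lines only.
triage_live_host() {
    if command -v ss >/dev/null 2>&1; then
        ports=$(ss -ltn 2>/dev/null | find_ioc_ports) && \
            printf 'WARN: Gitpaste-12 IOC port(s) listening: %s\n' "$(echo $ports)"
    fi
    if command -v iptables >/dev/null 2>&1 && iptables -S 2>/dev/null | firewall_flushed; then
        echo 'WARN: iptables has no rules and every chain policy is ACCEPT'
    fi
    if apparmor_disabled; then
        echo 'WARN: AppArmor is present but disabled'
    fi
}

# Constructed `ss -ltn` sample (not captured from a real host): sshd on 22 plus
# the two IOC ports, one on IPv4 and one on IPv6.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:30004        0.0.0.0:*
LISTEN  0       128     [::]:30005           [::]:*'

if ports=$(printf '%s\n' "$SAMPLE_SS" | find_ioc_ports); then
    echo "sample: IOC ports found: $(echo $ports)"
fi
```

To use it on a suspect host, source the file and call `triage_live_host`; a listening IOC port is the strongest of the three signals, while an empty firewall or disabled AppArmor on its own only justifies a closer look.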

Hashes (SHA-256)

  • Miner
  • Miner config
  • Shell script
