ELF/GuardMiner.WOARK!tr
Analysis
ELF/GuardMiner.WOARK!tr is classified as a trojan.
A trojan is a type of malware that performs activites without the user’s knowledge.
Below are some of its observed characteristics/behaviours:
- GuardMiner is a cross-platform mining trojan that was developed to target Linux and Windows operating systems.
- This trojan is used to mine cryptocurrencies by utilizing a user's computing resources while running in the background. The result of the execution of the application may vary from poor system performance and lagging to system instability and high CPU usage.
- This malware is related to the CVE-2022-22954 vulnerability, affecting VMware Workspace ONE Access and Identity Manager.
- The malware has been associated with the following third party article/advisory.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
- Md5: 2d282c09fdb9df557fccb21f8e915622
Sha256: 4b4c0d3cb708612b1fdb0394e029e507e4c0f6136fc44e415200694624ed5b68 - Md5: 8c03343112c1372e68da4c08032b292a
Sha256: f2a6827ea5f60cefc2f6528269b2d1557a7cc1e68f84edca4029e819dd0509cb
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |