Tencent Yujian: DDG mining botnet brute-forces Linux servers with weak SSH passwords

The Tencent Yujian Threat Intelligence Center issued an early warning today. During a routine security inspection of an enterprise customer, its security experts found that the Symantec service threat detection system in the Tencent Royal Threshold Advanced Detection System deployed by the customer had raised a detection. The investigation found that this was an attack initiated by the large mining botnet DDGMiner. DDGMiner is a mining botnet first discovered in 2017. It is characterized by scanning for servers running services such as SSH, Redis and OrientDB, and implanting mining trojans on the compromised servers to mine Monero. The last-modified field in the directory listing of the virus server shows that the update time of the sample in this attack is 2019-08-29, which is currently 4004.