The Muhstik botnet, also known as Mushtik, has been targeting cloud infrastructure and IoT devices for years. The botnet mainly funds itself by mining cryptocurrency using open source tools like XMRig and cgminer. Cloud security firm Lacework has provided some additional analysis and observations related to this malware. According to the researchers, Lacework traced the origin of the botnet to a Chinese forensics firm, Shen Zhou Wang Yun. The site is currently leveraging Google Analytics ID UA-120919167-1.
Source: https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/