Xwo is a Python-based bot scanner intended for reconnaissance activity. Based on IP ranges received from a command and control (C2) server, the utility probes for default passwords for services and reports back the results. It is not a malicious tool, but it enables malicious activity. Xow is not built on 100% original code, but some of it is identical with parts of Xbash, a malware with cryptojacking capabilities that targets Linux and Microsoft servers. Xbash is similar to MongoLock, as it looks for unprotected databases (MySQL, Postgres, MongoDB) and deletes them; what’s left behind is a ransom note.
Source: https://www.bleepingcomputer.com/news/security/new-xwo-web-scanner-helps-mongolock-ransomware-find-victims/