Recently, AT&T Alien Labs identified a new malware family that is actively scanning for exposed web services and default passwords. Based on our findings we are calling it “Xwo” – taken from its primary module name. It is likely related to the previously reported malware families Xbash and MongoLock.

https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner