There always seems to be a low signal-to-noise ratio when it comes to malware which targets Linux.
But I did find more details here:
https://www.securityweek.com/magnet-...lnerabilities/
"Magnet Goblin was seen targeting publicly disclosed vulnerabilities in Ivanti VPNs (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893), Magento (CVE-2022-24086), Qlik Sense (CVE-2023-41265, CVE-2023-41266, and CVE-2023-48365), and possibly Apache ActiveMQ."
I'd suggest that if you're not running Ivanti VPN, Magento, Qlik Sense or Apache ActiveMQ, then you don't have anything to worry about.
If you
are running one of those services, you should double-check your updates and set your firewall to deny all traffic to/from 172.86.66.165.
