I would agree that the author of the write-up took some creative liberties in applying certain malware category terms like "trojan" and "backdoor" and that it lacks the polish and depth found in other reports from malware reverse engineers.

However it contains enough basic information for a site operator to search their logs and filesystem to see if they have those indicators of compromise. It's "nice" in the sense that someone published the details of an attack quickly and provided some key details to the community, who can expand on these findings or use them in signature-based antivirus detection tools.

I also linked to the Virustotal report, which has more information about the Go executable, including headers, exported symbols and debug information that you can see for free, and which has more detailed analysis for security researchers who have an enterprise subscription.



I wouldn't really call it "creative liberties", I would simply call it misleading the reader. Words mean things, and seeing it described as a "trojan horse" might lead you to think you're safe if you haven't downloaded and run anything dubious.

But I agree that among the BS, there is useful information there. It's worth reading for people who may be affected even if I don't think it's "nice".


What would you consider misleading about its description of the behavior as a “backdoor”?

The write-up describes it as a persistent executable payload and goes on to enumerate the C2 commands that it reportedly received from a remote server, for which some IPs are provided.

Whether or not it’s a trojan depends on how it got onto the system in the first place. There isn’t more information in the article about how the system was infected, but maybe the author didn’t have evidence to share. That doesn’t mean it’s wrong, just that more details would be needed to substantiate that aspect of the attack.
