#FilelessExecution

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 by Xynik

June 28, 2024 at 08:10AM Security researchers have uncovered details about the 8220 Gang’s cryptocurrency mining operation, exploiting known vulnerabilities in Oracle WebLogic Server. The threat actor uses fileless execution techniques and a multi-stage loading technique, including dropping a miner payload via PowerShell script. Additionally, a new installer tool called k4spreader has been detailed, used … Read more

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

June 28, 2024 by Xynik

June 28, 2024 at 01:26AM Water Sigbin utilizes DLL reflective and process injection to deploy the PureCrypter loader and XMRIG crypto miner, exploiting vulnerabilities in Oracle WebLogic servers. Fileless execution via PowerShell scripts enables evasion of disk-based detection, while .Net Reactor protection ensures code obfuscation. The threat actor employs multiple advanced tactics, emphasizing the need … Read more