Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

June 28, 2024 at 01:26AM

Water Sigbin uses reflective DLL injection and process injection to deploy the PureCrypter loader and the XMRig cryptominer, exploiting vulnerabilities in Oracle WebLogic servers. Fileless execution via PowerShell scripts enables evasion of disk-based detection, while .NET Reactor protection obfuscates the code. The threat actor employs multiple advanced tactics, emphasizing the need …