We have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications in cloud environments and on engineered and conventional systems.
MALWARE FAMILY: Kinsing
ATT&CK IDS: T1056 - Input Capture, T1053 - Scheduled Task/Job, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1190 - Exploit Public-Facing Application, T1222 - File and Directory Permissions Modification, T1496 - Resource Hijacking, T1562 - Impair Defenses