
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

We have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used to develop and deploy high-traffic enterprise applications in cloud environments and on engineered and conventional systems.




MALWARE FAMILY: Kinsing


ATT&CK IDS: T1056 - Input Capture, T1053 - Scheduled Task/Job, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1190 - Exploit Public-Facing Application, T1222 - File and Directory Permissions Modification, T1496 - Resource Hijacking, T1562 - Impair Defenses

