216.73.216.86

Examining Water Infection Routine Leading to an XMRig Cryptominer

· Published 28/06/2024 07:39 · Modified 28/06/2024 07:57

Export JSON

Essential information

Published
28/06/2024 07:39
Modified
28/06/2024 07:57
Tags
2024-06-28 CVE-2017-3506 CVE-2023-21839 cryptominer multi-stage loading obfuscation purecrypter vulnerability exploitation xmrig
Related entities
2 vulnerabilities (cve), 13 observables, 1 intrusion sets (apt), 17 techniques (mitre), 2 malware

Description

This report details the technique utilized by the threat actor Water Sigbin to deliver the loader and cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injection to evade disk-based detection mechanisms. The malware uses code protection software and anti-debugging techniques for , making analysis challenging.

External references