Tag: CVE-2017-3506
2 attack reports | 0 vulnerabilities
Attack reports
Examining Water Infection Routine Leading to an XMRig Cryptominer
This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…
Downloadable IOCs 13
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Examining Water Infection Routine Leading to an XMRig Cryptominer
This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…
Downloadable IOCs 13
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9