Tag: CVE-2023-21839

2 Attack Reports | 0 Vulnerabilities

Attack reports

Examining Water Infection Routine Leading to an XMRig Cryptominer

This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…
obfuscation
xmrig
purecrypter
cryptominer
CVE-2023-21839
CVE-2017-3506
2024-06-28
vulnerability exploitation
multi-stage loading
Published: June 28, 2024
Linked vulnerabilities : CVE-2023-21839, CVE-2017-3506
Downloadable IOCs: 13

Decoding Water Sigbin's Latest Obfuscation Tricks

The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
powershell
2024-05-30
exploits
CVE-2023-21839
cryptocoin miner
CVE-2017-3506
Published: May 30, 2024
Linked vulnerabilities : CVE-2023-21839, CVE-2017-3506
Downloadable IOCs: 9
Click here to see more Attack Reports