Today > 2 Critical | 3 High | 25 Medium vulnerabilities - You can now download lists of IOCs here!
2 attack reports | 0 vulnerabilities
This analysis uncovers a significant infection chain targeting Windows and Linux systems through Oracle WebLogic vulnerabilities. The attackers, likely the 8220 Gang, exploit CVE-2017-10271 and CVE-2020-14883 to deploy malware including K4Spreader, Tsunami backdoor, and cryptominers. The infection …
QIanxin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and releasing other malware like the Tsunami botnet and PwnRig miner. The tool is s…