New Campaign Targeting Apache Struts 2, WebLogic Deploys Malware Using VBScript
ATT&CK techniques detected
T1190Exploit Public-Facing Application
98%
"new campaign targeting apache struts 2, weblogic deploys malware using vbscript figure 1 : apache struts 2 campaign attempting to download and execute windows executable around the same timeframe, the same threat actor added the oracle weblogic wls - wsat rce exploit while trying…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
98%
"weblogic, iis webdav, clipbucket streaming server, and gpon routers. the operation prowli campaign4 actively targets joomla k2, wordpress, hp data protector, and a variety of dsl modems. with the vast availability of new exploits and the competition for victims ’ resources follow…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204.002Malicious File
97%
". unavailable malware files combined with the fact that these were non - bot machines indicates the possibility that this operation is still under development and a full botnet infrastructure has not been deployed yet. spearhead vbscript while vbscript is commonly used by attacke…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.