"xmrig miner now targeting oracle weblogic and jenkins servers to mine monero last week, a malware campaign targeting jenkins automation servers was reported by checkpoint researchers. 1 the attackers exploited a deserialization vulnerability2 in jenkin ’ s bidirectional channel (…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1059.001 PowerShell
91%
": 5319 / minerxmr. exe ', ' c : \ minerxmr. exe ' ) ; start c : \ minerxmr. exe this command invokes a powershell process in hidden mode and downloads a malicious file to the c : \ directory on the vulnerable server. after the download is complete, the powershell process executes…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1059.001 PowerShell
89%
"coordinatorporttype web service, which is part of the wls security component of weblogic. an unauthenticated attacker can exploit this vulnerability by sending a malicious serialized object in the form of xml to a vulnerable end point. this object is then deserialized by the java…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1190 Exploit Public-Facing Application
63%
"coordinatorporttype web service, which is part of the wls security component of weblogic. an unauthenticated attacker can exploit this vulnerability by sending a malicious serialized object in the form of xml to a vulnerable end point. this object is then deserialized by the java…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
Summary
The same drop zone server used last week to mine Monero on compromised Jenkins automation servers is now being used in a new Monero mining campaign targeting Oracle WebLogic servers.