The vulnerability, tracked as CVE-2020-14882 and leading to code execution, was fixed in the October 2020 Critical Patch Update (CPU). About a week later, the first attacks targeting it were detected, and in early November Oracle released an out-of-band fix to address a quick bypass of the initial patch. There are roughly 3,100 Oracle WebLogic servers reachable from the Internet, according to Juniper Threat Labs' security researchers.

The DarkIRC bot, the researchers note, is just one of the many payloads that attackers are trying to deploy onto the vulnerable servers they find (others include Cobalt Strike, Perlbot, Meterpreter, and Mirai). Currently offered for $75 on hacking forums, the DarkIRC bot uses a specific algorithm to generate command and control (C&C) domains, based on the value sent from a crypto wallet.

In the observed attack, HTTP POST requests are sent to vulnerable WebLogic servers to run a PowerShell script, which in turn downloads and executes a binary file from a remote server. The payload is a 6 MB .NET file. A packer is used to hide the real contents of the malware and to help evade detection. The packer also carries anti-analysis and anti-sandbox features that try to determine whether it is running in a virtualized environment such as VMware, VirtualBox, VBox, QEMU, or Xen.

The bot, which installs itself as Chrome.exe in the %APPDATA% folder and creates an autorun entry for persistence, can operate as a browser stealer, keylogger, Bitcoin clipper, and file downloader. In addition, it is capable of launching distributed denial of service (DDoS) attacks, executing commands, and spreading itself across the network like a worm.
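The persistence detail above (a binary named Chrome.exe dropped into %APPDATA% and registered as an autorun) is something a defender can check for directly. The script below is an added example, not code from the article or from Juniper Threat Labs; it walks a constructed list of autorun (Run key) entries and flags any chrome.exe launched from outside a genuine Chrome install directory. The entries and the set of legitimate install paths are assumptions for illustration.

```python
import ntpath
import re

# Constructed sample: autorun entries as (value_name, command) pairs, in the shape a
# registry export or EDR inventory might list them. Not data from the article.
SAMPLE_RUN_ENTRIES = [
    ("GoogleUpdate", r"C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"),
    ("Chrome", r"C:\Users\alice\AppData\Roaming\Chrome.exe"),
    ("OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("Updater", r'"C:\Users\alice\AppData\Roaming\chrome.exe" -silent'),
]

# Directories where the official installer places the real Chrome binary (assumed list).
LEGIT_CHROME_DIRS = (
    r"\program files\google\chrome\application",
    r"\program files (x86)\google\chrome\application",
    r"\appdata\local\google\chrome\application",
)


def _executable_path(command: str) -> str:
    """Extract the executable path from an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: the path ends at the first ".exe" (case-insensitive).
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def suspicious_chrome_autoruns(entries):
    """Return (name, path) for entries that run a chrome.exe outside a known Chrome install dir.

    The bot described in the article names itself Chrome.exe, lives in %APPDATA%
    (...\AppData\Roaming) and persists via an autorun entry, so any chrome.exe that
    starts from somewhere other than a real Chrome install directory deserves a look.
    """
    hits = []
    for name, command in entries:
        path = _executable_path(command).lower()
        if ntpath.basename(path) != "chrome.exe":
            continue
        parent = ntpath.dirname(path)
        if not any(parent.endswith(d) for d in LEGIT_CHROME_DIRS):
            hits.append((name, path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_chrome_autoruns(SAMPLE_RUN_ENTRIES):
        print(f"suspicious autorun {name!r} -> {path}")
```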
Bot-supported commands allow browser passwords to be stolen, spreading via MSSQL or RDP (brute force), starting and stopping flood attacks, updating the bot, retrieving the infected device's version or username, downloading and executing (and deleting) files, getting the IP address, spreading via USB or SMB, stealing Discord tokens, and uninstalling itself. In August, a threat actor going by the name "Freak_OG," who also posted a FUD (fully undetectable) crypter priced at $25 on November 1, advertised the bot. The researchers are, however, unsure whether the same person is still behind the attacks. Oracle patched this flaw in October, and a subsequent out-of-band patch was issued in November to fix a hole in the earlier patch. "We recommend that affected systems be patched immediately," said Juniper Threat Labs.