The vulnerability, which is tracked as CVE-2020-14882 and leads to code execution, was addressed in the October 2020 Critical Patch Update (CPU). Roughly one week later, the first attacks targeting it were observed, and in early November Oracle released an out-of-band fix to address a quick bypass of the initial patch. There are roughly 3,100 Oracle WebLogic servers accessible from the internet, according to Juniper Threat Laboratories' security researchers.

The DarkIRC bot, the researchers note, is just one of the many payloads that adversaries are attempting to drop onto the vulnerable servers they identify (including Cobalt Strike, Perlbot, Meterpreter, and Mirai). Currently available for $75 on hacking forums, the DarkIRC bot uses a particular algorithm to generate command and control (C&C) domains, based on the value sent from a crypto wallet.

As part of the observed attacks, HTTP GET requests are sent to vulnerable WebLogic servers to execute a PowerShell script, which in turn downloads and executes a binary file from a remote server. The payload is a 6 Mbit .NET file. A packer is used to hide the real intent of the malware and to help evade detection. The packer also includes anti-analysis and anti-sandbox features that try to determine whether it is running in a virtualized environment such as VMware, VirtualBox, VBox, QEMU, or Xen.

The bot, which installs itself as Chrome.exe in the %APPDATA% folder and creates an autorun entry for persistence, can function as a browser stealer, keylogger, Bitcoin clipper, and file downloader. In addition, it is capable of launching distributed denial of service (DDoS) attacks, executing commands, and spreading itself across the network like a worm.

Commands supported by the bot allow it to steal browser passwords, spread via MSSQL or RDP (brute force), start or stop flood attacks, update the bot, retrieve the infected device's version or username, fetch and execute (and delete), obtain the IP address, spread via USB or SMB, steal Discord tokens, and uninstall itself.

The bot was advertised in August by a threat actor going by the name of “monstrosity OG,” who also posted a FUD (fully undetected) crypter priced at $25 on November 1. The researchers are, however, unsure whether the same individual is also behind the attacks.

Oracle patched this flaw in October, and a subsequent out-of-cycle patch was issued in November to fix a hole in the previous patch. “We recommend that affected systems be patched immediately,” said Juniper Threat Laboratories.
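
The persistence behavior described above (the bot installing itself as Chrome.exe in %APPDATA% and creating an autorun entry) can be hunted for in endpoint telemetry. The following is an added example, not code from the article or from Juniper Threat Laboratories; it assumes simplified Sysmon-style events (ID 1 process creation, ID 13 registry value set), models the autorun entry as a Run key value, and uses constructed host names and sample events.

```python
import re
from ntpath import basename, normpath  # Windows path rules on any OS

# %APPDATA% normally expands to C:\Users\<name>\AppData\Roaming. Per-user Chrome
# installs live under AppData\Local, so they do not match this pattern.
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\", re.I)
# Assumption: the "autorun entry" is modeled as a Run/RunOnce registry value.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
EXE_RE = re.compile(r'^"?([^"]+?\.exe)', re.I)  # executable part of a command

def is_masquerading_chrome(path):
    """True when a file named chrome.exe sits anywhere under %APPDATA%."""
    path = normpath(path.strip().strip('"'))
    return basename(path).lower() == "chrome.exe" and bool(APPDATA_RE.match(path))

def detect(events):
    """Return (event_id, host, reason) for every suspicious event."""
    findings = []
    for ev in events:
        if ev["id"] == 1 and is_masquerading_chrome(ev["Image"]):
            findings.append((1, ev["host"], "chrome.exe executed from %APPDATA%"))
        elif ev["id"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            # Details holds the command written to the autorun value.
            m = EXE_RE.match(ev["Details"].strip())
            if m and is_masquerading_chrome(m.group(1)):
                findings.append((13, ev["host"], "autorun value points at it"))
    return findings

# Constructed sample events (Sysmon-style field names, hypothetical hosts).
SAMPLE_EVENTS = [
    {"id": 1, "host": "WL-APP-01",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"id": 1, "host": "WL-APP-02",
     "Image": r"C:\Users\svc_weblogic\AppData\Roaming\Chrome.exe"},
    {"id": 13, "host": "WL-APP-02",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Chrome",
     "Details": r'"C:\Users\svc_weblogic\AppData\Roaming\Chrome.exe"'},
    {"id": 13, "host": "WL-APP-03",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```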