Threat Actors Are Targeting An Oracle Weblogic Flaw Cybers Guards

The vulnerability, tracked as CVE-2020-14882 and leading to code execution, was addressed in the October 2020 Critical Patch Update (CPU). About a week later, the first attacks targeting it were observed, and in early November Oracle released an out-of-band fix to address a simple bypass of the initial patch. The researchers are, however, unsure whether the same person is actually behind the attacks. In August, a threat actor going by the name of "Freak_OG," who also posted a FUD (fully undetected) crypter priced at $25 on November 1, advertised the bot. There are around 3,100 Oracle WebLogic servers reachable from the internet, according to Juniper Threat Labs' security researchers. The DarkIRC bot, the researchers note, is just one of the many payloads that adversaries are attempting to drop onto the vulnerable servers they hit (including Cobalt Strike, Perlbot, Meterpreter, and Mirai). "We recommend that affected systems be patched immediately," said Juniper Threat Labs. Anti-analysis and anti-sandbox features are also used in the packer, which attempts to detect whether it is running in virtualized environments such as VMware, VirtualBox, VBox, QEMU, and Xen. As part of the observed attack, HTTP GET requests are sent to compromise WebLogic servers and execute a PowerShell script, which in turn downloads and runs a binary file from a remote host. The bot, which installs itself as Chrome.exe in the %APPDATA% folder and creates an autorun entry for persistence, can act as a window stealer, keylogger, Bitcoin clipper, and file downloader.
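The persistence indicator described above (a Chrome.exe dropped under %APPDATA% with an autorun entry) is easy to check for in an export of a host's Run keys. The following is an added example, not code from the article or from Juniper Threat Labs; the Run-key entries and the APPDATA path are constructed sample data, and the check assumes the legitimate Chrome binary lives outside the user's AppData tree.

```python
import ntpath
import re

# Constructed sample of Run-key entries (value name -> command line), as they
# might be exported from a host. The first two are benign; the last two match
# the DarkIRC persistence pattern (Chrome.exe under %APPDATA%).
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Chrome": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window',
    "Chrome Update": r"%APPDATA%\Chrome.exe",
    "svc": r'"C:\Users\alice\AppData\Roaming\Chrome.exe" -s',
}

# Assumed environment of the user whose Run key was exported (constructed).
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}


def expand_env(path, env):
    """Expand %VAR% references using the supplied environment mapping."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def executable_from_command(cmd):
    """Return the executable path from a Run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_suspicious_autorun(cmd, env):
    """True if the autorun launches a Chrome.exe located inside %APPDATA%."""
    exe = expand_env(executable_from_command(cmd), env).lower()
    appdata = env["APPDATA"].lower().rstrip("\\") + "\\"
    return ntpath.basename(exe) == "chrome.exe" and exe.startswith(appdata)


def find_suspicious_autoruns(entries, env):
    """Return the names of Run-key entries matching the persistence pattern."""
    return sorted(name for name, cmd in entries.items() if is_suspicious_autorun(cmd, env))


if __name__ == "__main__":
    for name in find_suspicious_autoruns(SAMPLE_RUN_ENTRIES, SAMPLE_ENV):
        print("suspicious autorun:", name, "->", SAMPLE_RUN_ENTRIES[name])
```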
Bot-supported commands include stealing browser passwords, spreading via MSSQL or RDP (brute force), starting/stopping flood attacks, updating the bot, retrieving the infected device's version or username, downloading and executing (and deleting), retrieving the IP address, spreading via USB or SMB, stealing Discord tokens, and uninstalling itself. Currently available for $75 on hacking forums, the DarkIRC bot uses a special algorithm to generate command and control (C&C) domains, based on a value sent from a crypto wallet. A packer is used to hide the real purpose of the malware and to help evade detection. In addition, it is capable of launching distributed denial of service (DDoS) attacks, executing commands, and spreading itself like a worm across the network. The payload is a 6 MB .NET file. Oracle patched this flaw in October, and a subsequent out-of-band patch was also released in November to close a hole in the earlier patch.