Threat Actors Are Targeting an Oracle WebLogic Flaw - Cybers Guards

The DarkIRC bot, the researchers note, is just one of many payloads that attackers are trying to deploy onto the vulnerable hosts they target (others include Cobalt Strike, Perlbot, Meterpreter, and Mirai). "We recommend that affected systems be patched immediately," said Juniper Threat Labs. The binary also uses anti-analysis and anti-sandbox features, attempting to detect whether it is running in a virtualized environment such as VMware, VirtualBox, VBox, QEMU, or Xen. Commands supported by the bot include stealing browser passwords, spreading via MSSQL or RDP (brute force), starting and stopping flood attacks, updating the bot, retrieving the infected device's version or username, downloading and executing (and deleting) files, obtaining the IP address, propagating via USB or SMB, stealing Discord tokens, and uninstalling itself. In addition, it is capable of launching distributed denial of service (DDoS) attacks, executing commands, and spreading across the network like a worm. The vulnerability, tracked as CVE-2020-14882 and leading to code execution, was addressed in the October 2020 Critical Patch Update (CPU). In August, a threat actor going by the name "Freak_OG," who on November 1 also offered a FUD (fully undetectable) crypter priced at $25, advertised the bot. According to Juniper Threat Labs' security researchers, roughly 3,100 Oracle WebLogic servers are reachable from the internet. The payload is a 6 MB .NET file. Approximately one week after the patch, the first attacks targeting the flaw were detected, and in early November Oracle issued an out-of-band fix to close an easy bypass of the initial patch.
The bot, which installs itself as Chrome.exe in the %APPDATA% folder and creates an autorun entry for persistence, can act as a password stealer, keylogger, Bitcoin clipper, and file downloader. In the observed attack, HTTP GET requests are sent to compromised WebLogic servers to run a PowerShell script, which in turn downloads and executes a binary from a remote host. The researchers are, however, unsure whether the same individual is behind the attacks. Oracle patched the flaw in October, and a subsequent out-of-band patch was issued in November to remediate a gap in the earlier patch. A packer is used to hide the true nature of the malware and to help it evade detection. Currently available for $75 on hacking forums, the DarkIRC bot uses a custom algorithm to generate command and control (C&C) domains, based on a value sent from a crypto wallet.