Juniper Threat Labs researchers observed active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution. One particular payload installs a bot called DarkIRC. This bot is currently being sold on hack forums for $75USD. The malware implements a Bitcoin clipper feature to hijack bitcoin transactions on the infected system by changing the copied bitcoin. address to the malware operators bitcoin wallet address. It connects to its Command and Control via IRC with an added encryption XOR encryption.”]
Source: https://gbhackers.com/oracle-weblogic-vulnerability/