Muhstik botnet targets vulnerabilities in Oracle WebLogic, Drupal. Botnet has been operating for at least two years, according to security firm Lacework. Botnets are targeting vulnerabilities in web applications to increase the botnet’s reach. Lacework researchers found hints that botnet might have its origins in China. The botnet leverages source code from the Mirai botnet, including a memory scraper, which can kill other malware within a device, researchers say. The researchers also found that MuhStik also uses the IRC protocol to communicate with its command-and-control server.”]
Source: https://www.cuinfosecurity.com/muhstik-botnet-targets-flaws-in-oracle-weblogic-drupal-a-15356