Muhstik botnet targets vulnerabilities in Oracle WebLogic, Drupal content management system. The botnet has been operating for at least two years, according to security firm Lacework. Lacework researchers found hints that the botnet might have its origins in China. The researchers also found the Botnet leverages source code from the Mirai botnet, which includes a memory scraper, which can kill other malware within a device, to grow its network and perform other tasks, such as mining for cryptocurrency.”]
Source: https://www.govinfosecurity.com/muhstik-botnet-targets-flaws-in-oracle-weblogic-drupal-a-15356