| SYMBOL | COMMON_NAME | aka. SYNONYMS |
The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Oracle WebLogic servers, such as CVE-2017-3506 and CVE-2023-21839, to deliver cryptocurrency miners using PowerShell scripts. The group has demonstrated a sophisticated multistage loading technique to deploy the PureCrypter loader and XMRIG crypto miner. They are known for using obfuscation techniques, such as hexadecimal encoding and code obfuscation, to evade detection and compromise systems.
There are currently no families associated with this actor.
| 2024-06-28
⋅
Trend Micro
⋅
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer Water Sigbin |
| 2024-05-30
⋅
Trend Micro
⋅
Decoding Water Sigbin's Latest Obfuscation Tricks Water Sigbin |
| 2024-02-22
⋅
Uptycs
⋅
8220 Gang Cryptomining Campaign Targets Linux & Windows Platforms Water Sigbin |
| 2023-12-14
⋅
Imperva
⋅
Imperva Detects Undocumented 8220 Gang Activities Water Sigbin |
| 2023-05-16
⋅
Trend Micro
⋅
8220 Gang Evolves With New Strategies Water Sigbin |
| 2023-04-17
⋅
AhnLab
⋅
8220 Gang Uses Log4Shell Vulnerability to Install CoinMiner Water Sigbin |
| 2022-07-18
⋅
SentinelOne
⋅
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts Water Sigbin |
| 2022-07-07
⋅
Aqua
⋅
8220 Gang Deploys a New Campaign with Upgraded Techniques Tsunami Water Sigbin |