Water Sigbin
MISP
Type:
Unknown
Unknown
Country:
CN
CN
First seen:
Unknown
Unknown
Details:
The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Oracle WebLogic servers, such as CVE-2017-3506 and CVE-2023-21839, to deliver cryptocurrency miners using PowerShell scripts. The group has demonstrated a sophisticated multistage loading technique to deploy the PureCrypter loader and XMRIG crypto miner. They are known for using obfuscation techniques, such as hexadecimal encoding and code obfuscation, to evade detection and compromise systems.
References (8)
- trendmicro.com - Water Sigbin Xmrig
- trendmicro.com - Decoding 8220 Latest Obfuscation Tricks
- uptycs.com - 8220 Gang Cryptomining Cloud Based Infrastructure Cyber Threat
- imperva.com - Imperva Detects Undocumented 8220 Gang Activities
- asec.ahnlab.com - 51568
- trendmicro.com - 8220 Gang Evolution New Strategies Adapted
- blog.aquasec.com - 8220 Gang Confluence Vulnerability Cve 2022 26134
- sentinelone.com - From The Front Lines 8220 Gang Massively Expands Cloud Botnet To 30000 Infected Hosts
Aliases (110)
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
8220 Gang
Metadata
| ID: | 707 |
| Created: | 13/01/2026 17:48 |
| Updated: | 09/03/2026 16:00 |