Threat actor took advantage of a WebLogic Remote Code Execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing a coin miner (XMRig).

https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/