As companies continue to install the vulnerable version of Apache Struts behind the breach, Equifax has filed a clarification statement.

The malware targets Windows servers with a cornucopia of well-known exploits, all within a single executable — including the EternalBlue NSA hacking tool.

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.

The Vice President of the Apache Struts PMC says the attackers likely used an unknown Struts zero day or an earlier announced vulnerability.

The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008.

While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.

Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.