CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner

description: In April 2019, a security advisory was released for CVE-2019-2725, a deserialization vulnerability in the widely used Oracle WebLogic Server. The indicators below belong to a campaign that exploited that flaw to deliver a Monero miner; as the title notes, one of the staged payloads is served under a certificate-file name (cert.cer) to disguise the download.

publish date:

reference:

IOC Table
total 16
type value
FileHash-SHA256 c30f42e6f638f3e8218caf73c2190d2a521304431994fd6efeef523cfbaa5e81
FileHash-SHA256 e4bc026aec8a76b887a8fc48726b9c48540fc2aa76eb8e61893da2ee6df6ab3a
FileHash-SHA256 4b9842b6be35665174c78c3e4063c645bd6e10eb333f68e4c7840fe823647bdf
FileHash-SHA256 3a567b7985b2da76db5e5a1d5554f7c13f375d88a27d6e6d108ad79e797adc9a
URL https://pixeldrain.com/api/file/cGsOoTyb/wujnEh-n1
URL https://pixeldrain.com/api/file/cGsOoTyb
URL http://45.32.28.187:1012/cert.cer
URL http://139.180.199.167:1012/config.json
URL https://pixeldrain.com/api/file/TyodGuTm
URL https://pixeldrain.com/api/file/bg2Fh-d_
URL http://139.180.199.167:1012/networkservice.exe
URL http://139.180.199.167:1012/clean.bat
URL http://139.180.199.167:1012/update.ps1
URL https://pixeldrain.com/api/file/DF1zsieq1
URL http://139.180.199.167:1012/sysupdate.exe
URL http://139.180.199.167:1012/sysguard.exe
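The table above is only useful once it is matched against telemetry, so here is an added example (not part of the original page or of any vendor tooling) that loads the indicators exactly as listed, validates them, and checks constructed proxy and endpoint records against them. The record lines, the record layout and the confidence labels are assumptions made for this example; the only page-derived data is the indicator table itself. The matcher treats the two IP-addressed servers as indicators in their own right (an exact filename miss on a known host is still worth a look), while pixeldrain.com is a public file host shared with legitimate traffic and is matched only by exact URL.

```python
"""Added example: match proxy / endpoint records against the IOC table on this page.

The indicator table is copied from the page; every record below is constructed
for this example and does not come from the page or from any real incident.
"""
import re
from urllib.parse import urlsplit

# Indicator table as published on the page, one "type value" pair per line.
IOC_TABLE = """\
FileHash-SHA256 c30f42e6f638f3e8218caf73c2190d2a521304431994fd6efeef523cfbaa5e81
FileHash-SHA256 e4bc026aec8a76b887a8fc48726b9c48540fc2aa76eb8e61893da2ee6df6ab3a
FileHash-SHA256 4b9842b6be35665174c78c3e4063c645bd6e10eb333f68e4c7840fe823647bdf
FileHash-SHA256 3a567b7985b2da76db5e5a1d5554f7c13f375d88a27d6e6d108ad79e797adc9a
URL https://pixeldrain.com/api/file/cGsOoTyb/wujnEh-n1
URL https://pixeldrain.com/api/file/cGsOoTyb
URL http://45.32.28.187:1012/cert.cer
URL http://139.180.199.167:1012/config.json
URL https://pixeldrain.com/api/file/TyodGuTm
URL https://pixeldrain.com/api/file/bg2Fh-d_
URL http://139.180.199.167:1012/networkservice.exe
URL http://139.180.199.167:1012/clean.bat
URL http://139.180.199.167:1012/update.ps1
URL https://pixeldrain.com/api/file/DF1zsieq1
URL http://139.180.199.167:1012/sysupdate.exe
URL http://139.180.199.167:1012/sysguard.exe
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_ioc_table(text):
    """Return (sha256_set, url_set). Malformed indicators raise instead of being
    silently skipped, so a truncated hash cannot quietly become a dead rule."""
    hashes, urls = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, value = line.partition(" ")
        value = value.strip()
        if kind == "FileHash-SHA256":
            value = value.lower()
            if not SHA256_RE.match(value):
                raise ValueError(f"bad SHA256 indicator: {value!r}")
            hashes.add(value)
        elif kind == "URL":
            if not urlsplit(value).hostname:
                raise ValueError(f"bad URL indicator: {value!r}")
            urls.add(value)
        else:
            raise ValueError(f"unknown indicator type: {kind!r}")
    return hashes, urls


def attacker_hosts(urls):
    """host:port pairs worth matching on their own: only the IP-addressed servers.
    Named hosts (pixeldrain.com here) are shared infrastructure and are matched
    only by exact URL to avoid flagging unrelated downloads."""
    hosts = set()
    for u in urls:
        parts = urlsplit(u)
        if IPV4_RE.match(parts.hostname or ""):
            hosts.add(parts.netloc)  # keep the port (1012 on this page)
    return hosts


def match_record(record, hashes, urls, hosts):
    """Return a list of (confidence, reason) hits for one record.
    A record is a dict with an optional 'url' and/or 'sha256' key (assumed layout)."""
    hits = []
    if "sha256" in record:
        h = record["sha256"].lower()  # EDR tools differ in hash case; normalise
        if h in hashes:
            hits.append(("high", f"file hash {h[:12]}... is a listed sample"))
    if "url" in record:
        u = record["url"]
        parts = urlsplit(u)
        if u in urls:
            hits.append(("high", f"exact URL match {u}"))
        elif parts.netloc in hosts:
            hits.append(("medium", f"contact with listed host {parts.netloc}, unlisted path {parts.path}"))
    return hits


# Constructed records for this example (not from the page).
SAMPLE_RECORDS = [
    ("proxy-1", {"url": "http://45.32.28.187:1012/cert.cer"}),        # exact match
    ("proxy-2", {"url": "http://139.180.199.167:1012/cert.cer"}),     # listed host, new path
    ("proxy-3", {"url": "https://pixeldrain.com/api/file/notlisted"}),  # shared host, no hit
    ("edr-1", {"sha256": "C30F42E6F638F3E8218CAF73C2190D2A521304431994FD6EFEEF523CFBAA5E81"}),
    ("edr-2", {"sha256": "0" * 64}),                                  # unrelated file
]


def scan(records, table=IOC_TABLE):
    """Return [(record_id, hits)] for every record that matched at least one indicator."""
    hashes, urls = parse_ioc_table(table)
    hosts = attacker_hosts(urls)
    out = []
    for rid, rec in records:
        hits = match_record(rec, hashes, urls, hosts)
        if hits:
            out.append((rid, hits))
    return out


if __name__ == "__main__":
    for rid, hits in scan(SAMPLE_RECORDS):
        for confidence, reason in hits:
            print(f"{rid}: [{confidence}] {reason}")
```

Run as-is it reports the exact URL hit, the host-only hit on 139.180.199.167:1012, and the hash hit, and stays quiet on the pixeldrain.com and unknown-hash records. Feeding real proxy or EDR exports only requires mapping their columns onto the `url` / `sha256` keys; keep the IP-hosted URLs time-bounded, since both servers will have been repurposed long after the 2019 campaign.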