
SANS ISC: Internet Storm Center

Weblogic Exploit Code Made Public (CVE-2018-2893)

Published: 2018-07-20
Last Updated: 2018-07-20 22:43:02 UTC
by Kevin Liston (Version: 1)
0 comment(s)

[UPDATE] We are now seeing the first exploit attempts. The exploit attempts to download additional code from 185.159.128.200. We are still looking at the details, but it looks like the code attempts to install a backdoor. The initial exploit came from 5.8.54.27.

Possible exploit code:

On 18-JUL-2018 Oracle released a Critical Patch Update (https://isc.sans.edu/forums/diary/Oracle+Critical+Patch+Update+Release/23886/). Yesterday, exploit code targeting CVE-2018-2893, which impacts Oracle WebLogic Server, appeared publicly.

Scanning activity targeting port 7001 peaked in May of 2018 when another WebLogic vulnerability went public; unsurprisingly, that one was used to install crypto miners (https://isc.sans.edu/diary/WebLogic+Exploited+in+the+Wild+%28Again%29/23617).
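As an added example (not part of the ISC diary or any tooling it references), the script below shows how a defender can triage firewall or honeypot logs against the three indicators this diary gives: the initial exploit source 5.8.54.27, the second-stage download host 185.159.128.200, and inbound traffic to the WebLogic port 7001. The log line format and the sample lines are constructed assumptions; adapt the regular expression to whatever your firewall actually emits. An outbound connection to the download host is ranked highest, because it suggests the exploit already ran and the server is fetching the second stage, whereas a bare port-7001 hit from an unknown address may just be scanning.

```python
"""Triage constructed firewall log lines against the indicators from the
ISC diary on CVE-2018-2893 (WebLogic). Added example, not ISC code."""
import re
from dataclasses import dataclass

# Indicators quoted from the diary text (point-in-time values from July 2018)
EXPLOIT_SOURCE = "5.8.54.27"        # address the first exploit attempt came from
PAYLOAD_HOST = "185.159.128.200"    # host the exploit downloads additional code from
WEBLOGIC_PORT = 7001                # WebLogic listener that scanners target

# Constructed sample log in an assumed "<ts> <action> <proto> src:port -> dst:port" format
SAMPLE_LOG = """\
2018-07-20T21:02:11Z ACCEPT tcp 5.8.54.27:51234 -> 10.0.0.5:7001
2018-07-20T21:02:12Z ACCEPT tcp 10.0.0.5:40112 -> 185.159.128.200:80
2018-07-20T21:03:40Z ACCEPT tcp 198.51.100.7:33333 -> 10.0.0.5:7001
2018-07-20T21:04:01Z ACCEPT tcp 203.0.113.9:44444 -> 10.0.0.5:443
2018-07-20T21:05:00Z DENY   tcp 5.8.54.27:51240 -> 10.0.0.6:7001
"""

# Assumed log format; replace with a pattern matching your own firewall output
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    action: str      # ACCEPT/DENY: a denied attempt is still worth knowing about
    reasons: list    # which indicators matched
    severity: str    # high / medium / low


def classify(line):
    """Return a Finding for a line that matches any indicator, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skipped rather than reported as clean
    src, dst, dport = m["src"], m["dst"], int(m["dport"])
    reasons = []
    if dst == PAYLOAD_HOST:
        reasons.append("payload-host-contact")   # host fetching the second stage
    if src == EXPLOIT_SOURCE:
        reasons.append("known-exploit-source")
    if dport == WEBLOGIC_PORT:
        reasons.append("weblogic-port")          # scanning or exploit delivery
    if not reasons:
        return None
    if "payload-host-contact" in reasons:
        severity = "high"      # likely post-exploitation: investigate the source host
    elif "known-exploit-source" in reasons:
        severity = "medium"    # attempt from a known exploit source
    else:
        severity = "low"       # port-7001 traffic from an unknown address
    return Finding(m["ts"], src, dst, dport, m["action"], reasons, severity)


def scan(log_text):
    """Run classify() over every line and keep the hits, in log order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity so the highest bucket can be reviewed first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f"{f.severity:6} {f.ts} {f.src} -> {f.dst}:{f.dport} "
              f"[{f.action}] {', '.join(f.reasons)}")
    print(summarize(hits))
```

Running it against the constructed log yields one high finding (the internal host reaching out to the download host), two medium findings for the known exploit source (one of them blocked), and one low finding for the unrelated port-7001 probe; the HTTPS line is ignored. The indicator addresses are only meaningful for the time window the diary describes, so treat the port-7001 rule as the durable part of the check.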


Keywords: weblogic