This past week got some interesting logs targeting TCP/7001 (WebLogic CVE-2020-14882 – see previous diary[1][2]) looking to download and launch a shell script to install various cryptominer on the target. The shell script target SELINUX compatible hosts likely CentOS/RedHat, Ubuntu, etc to install various cryptominer applications.

Leave a comment