Updated July 18, 2019
Criminals profit from the latest findings
Oracle WebLogic Server failed to provide monorail
Cryptom software when you use it to delete certificate files
CVE-2015-2725 error resolved without security update due to infection error
ISC InfoSec SANS meeting is over
It has been reported that attackers have used cryptocurrency to set up cryptocurrency, but now there is a pursuit method like
This step represents a proven and uncertain strategy.
The idea of using certificate files to hide malware is not an issue.
Researcher Mark Micro State Trend Micro says:
Vicente, Jon Lori Trainfanena, Byron Gelera. Register to receive a certificate
Infected files can contain malware
The uploaded file is found because it has the certificate file format.
This can be seen when installing HTTPS.
The reference link starts when malware exploits CVE-2019-2725 i
Use PowerShell rules to generate replication.
C2 server certificate file Then malware
CertUtil Certificate Manager for file conversion
Saved under a new name and created before the old name
Certificate file was deleted.
Microsoft Trend claims that the certificate file is not available.
You can use the X.509 file format, but vice versa.
PowerShell Commands This command loads other PowerShell scripts.
Download my load and more.
The same WebLogic threat applies to the newly discovered Sodinokibi solution.