{"uuid": "19771c30-1865-418d-8329-9b74748acb52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "Indicators of Compromise (IOCs)", "description": "Check SoftwareDistribution.log for:\n\n* SoapUtilities.CreateException ThrowException: actor = https://host:8531/ClientWebService/client.asmx -> Error thrown in SoftwareDistribution.log after exploitation\n* AAEAAAD/////AQAAAAAAAAAEAQAAAH9 -> Part of the serialized payload, found in SoftwareDistribution.log\n* 207.180.254[.]242 \u2013 VPS from which the exploit was sent\n* ac7351b617f85863905ba8a30e46a112a9083f4d388fd708ccfe6ed33b5cf91d \u2013 SHA256 hash of embedded MZ payload\n\nNote: only the first two entries are strings to search for in SoftwareDistribution.log; `host` in the first one appears to be a placeholder for the server's own hostname, so match on the rest of the string. The IP address is a network indicator to look for in web server, proxy and firewall logs, and the SHA256 hash is a file indicator to match against files on disk and endpoint telemetry. The IP address and hash are specific to the reported activity, so their absence does not rule out exploitation.", "description_format": "markdown", "vulnerability": "CVE-2025-59287", "creation_timestamp": "2025-10-26T07:32:48.252235+00:00", "timestamp": "2025-10-26T07:32:48.252235+00:00", "related_vulnerabilities": [], "meta": [{"ref": ["https://research.eye.security/wsus-deserialization-exploit-in-the-wild-cve-2025-59287/"]}], "author": {"login": "sync_user", "name": "sync_user", "uuid": "4f29edb9-4c4b-44ca-b041-9b050656b6ae"}}
