[oracle@ovmm-t01 ~]$ /u01/app/oracle/java/bin/jps -v

32606 Jps -Dapplication.home=/u01/app/oracle/java -Xms8m

3083 CLIMain -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs -Ddomain-dir=/u01/app/oracle/ovm-manager-3/domains/ovm_domain -Dlog4j.configuration=file:./log4j.properties

13774 Server -Xms512m -Xmx4096m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=/u01/app/oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -DUseSunHttpHandler=true -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs -Dorg.quartz.properties=/u01/app/oracle/ovm-manager-3/domains/ovm_domain/config/appfw/quartz.properties -Dweblogic.security.SSL.protocolVersion=TLS1 -Dweblogic.security.disableNullCipher=true -Djava.awt.headless=true -Xdebug -Xrunjdwp:transport=dt_socket,address=127.0.0.1:8453,server=y,suspend=n -da:org.apache.myfaces.trinidad -Djava.endorsed.dirs=/u01/app/oracle/java/jre/lib/endorsed:/u01/app/oracle/Middleware/wlserver/../oracle_common/modules/endorsed -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dopss.version=12.1.3 -Digf.arisidbeans.carmlloc=/u01/app/oracle/ovm-manager-3/domains/ovm_domain/config/fmwconfig/carml -Digf.arisidstack.home=/u01/app/oracle/ovm-manager-3

Identify thread taking cpu using top command

Get the dump trace

/u01/app/oracle/java/bin/jstack 3083 > jstack_3083.out

Convert 12332 into hex = 302c

Search for 302c in jstack_3083.out

vim jstack_3083.out

Shows that EchoShell is the thread that is taking >80% cpu