Miner Uses WMI and EternalBlue To Spread Filelessly
Tags
country: United States Of America
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting
Show in Graph
Common Information
Type Value
UUID ff6760be-41f4-4f9f-a511-9adefbe049bc
Fingerprint 8425098d0d37ee8f
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 21, 2017, midnight
Added to db Jan. 18, 2023, 9:02 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Miner Uses WMI and EternalBlue To Spread Filelessly
Title Miner Uses WMI and EternalBlue To Spread Filelessly
Detected Hints/Tags/Attributes 51/2/8
Source URLs
Redirection Url
Details Source https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly/
Details Source https://www.trendmicro.com/en_gb/research/17/h/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly.html
Details Source https://www.trendmicro.com/en_ca/research/17/h/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Details trendmicro.com blog.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
wmi.mykings.top
Details Domain 1 
32.zip
Details Domain 4 
activescripteventconsumer.name
Details File 23 
scrcons.exe
Details File 1 
32.zip
Details IPv4 1 
67.21.90.226
Details Url 1 
http://wmi.mykings.top:8888/test.html
Details Url 1 
http://67.21.90.226:8888/32.zip