
LemonDuck Malware Exploiting SMB Vulnerabilities

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

LemonDuck malware has evolved into a versatile threat that targets both Windows and Linux systems. It exploits SMB vulnerabilities, particularly EternalBlue (CVE-2017-0144), to gain network access. The malware uses brute-force attacks, creates hidden administrative shares, and executes malicious actions via batch files and PowerShell scripts. It maintains persistence through scheduled tasks, disables Windows Defender, and employs anti-detection mechanisms. The attack chain includes cryptomining, system compromise, and lateral movement. LemonDuck disguises itself as legitimate system services, manipulates firewall settings, and uses base64 encoding for obfuscation. It also uses Mimikatz for credential theft and combines multiple techniques for stealth and repeated execution.
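The behaviours listed in the summary (hidden administrative shares, scheduled-task persistence, Windows Defender tampering, firewall manipulation, base64-encoded PowerShell) each leave a recognisable trace in process-creation or command-line telemetry. The script below is an added example written for this page, not tooling from the OpenCTI report or from any LemonDuck sample: it runs a handful of detection rules over constructed command lines that approximate those behaviours. The sample lines, rule names and regular expressions are assumptions for illustration; real telemetry would come from Sysmon event 1 or Windows event 4688 and the patterns would need tuning against the environment's baseline.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple


def _encoded_ps(command: str) -> str:
    """Build the base64 form PowerShell expects for -EncodedCommand (UTF-16LE).
    Used only to construct the sample below; the detector does the reverse."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


# Constructed sample command lines (not real telemetry) approximating the
# behaviours the summary lists. The last line is a benign control.
SAMPLE_LOGS = [
    r"cmd.exe /c net share admin$=C:\Windows /grant:everyone,full",
    "powershell.exe -NoP -W Hidden -EncodedCommand "
    + _encoded_ps("Set-MpPreference -DisableRealtimeMonitoring $true"),
    r'schtasks /create /tn "WindowsUpdateService" /tr "C:\Users\Public\update.bat" /sc minute /mo 30',
    'netsh advfirewall firewall add rule name="SMB" dir=in action=allow protocol=TCP localport=445',
    r"explorer.exe C:\Users\alice\Documents",
]

# PowerShell accepts abbreviated forms of -EncodedCommand (-e, -ec, -enc).
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Assumed rule set: each (tag, pattern) flags one behaviour from the summary.
RULES: List[Tuple[str, re.Pattern]] = [
    ("hidden_admin_share", re.compile(r"\bnet\s+share\s+\S+\$", re.I)),
    ("scheduled_task_persistence", re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I)),
    ("firewall_rule_change", re.compile(r"\bnetsh\s+advfirewall\s+firewall\s+(add|set|delete)\b", re.I)),
    ("defender_tampering", re.compile(r"Set-MpPreference\s+-Disable\w+", re.I)),
]


def decode_encoded_command(line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload of a PowerShell line, or None.
    Invalid base64 or non-UTF-16 payloads are treated as 'not encoded PowerShell'."""
    if "powershell" not in line.lower():
        return None
    match = ENCODED_RE.search(line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def classify(line: str) -> List[str]:
    """Tag one command line with every behaviour it matches.
    Rules are evaluated against the raw line plus the decoded payload, so
    obfuscation via base64 does not hide the Defender tampering."""
    tags: List[str] = []
    decoded = decode_encoded_command(line)
    if decoded is not None:
        tags.append("encoded_powershell")
    text = line if decoded is None else f"{line} {decoded}"
    for tag, pattern in RULES:
        if pattern.search(text):
            tags.append(tag)
    return tags


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (line, tags) for every line that triggered at least one rule."""
    hits = []
    for line in lines:
        tags = classify(line)
        if tags:
            hits.append((line, tags))
    return hits


if __name__ == "__main__":
    for line, tags in scan(SAMPLE_LOGS):
        print(", ".join(tags), "<-", line[:80])
```

Decoding the `-EncodedCommand` argument before applying the rules is the point of the example: a rule that only inspects the raw command line sees an opaque base64 blob, while the decoded text exposes the `Set-MpPreference -Disable...` call. Each individual rule (share creation, `schtasks /create`, firewall changes) also fires on legitimate administration, so in practice these tags are correlated, for example the same host showing several of them within a short window, rather than alerted on one at a time.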

OPENCTI LABELS:

smb, cryptomining, cve-2017-0144, eternalblue, lemonduck

