LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This report details the tactics and techniques employed by the LemonDuck cryptomining malware, which exploits the SMB service by leveraging the EternalBlue vulnerability (CVE-2017-0144). After gaining initial access through brute-force attacks, the malware creates malicious files, disables security measures, manipulates network settings, and sets up scheduled tasks to maintain persistence. It also downloads additional payloads from remote URLs and uses tools such as Mimikatz for credential theft. The analysis describes the malware's infection strategy and underlines the importance of keeping systems patched and up to date to mitigate such threats.
OPENCTI LABELS:
credential theft, cryptomining, malicious scripts, persistence, cve-2017-0144, lemonduck, network manipulation