A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware.
Miroslav Stampar @stamparm
Just captured 406ac1595991ea7ca97bc908a6538131 and 5c9f450f2488140c21b6a0bd37db6a40 in MS17-010 honeypot. MSIL/.NET #WannaCry copycat(s)
Miroslav Stampar @stamparm
Info on (new) EternalRocks worm can be found on https://github.com/stamparm/EternalRocks/# …. Will keep it updated, along with @_jsoo_
Update on #EternalRocks. Original name is actually "MicroBotMassiveNet" while author's nick is "tmc" https://github.com/stamparm/EternalR...trings#…
If I am asked to choose a name, let it be DoomsDayWorm
c52f20a854efb013a0a1248fd84aaa95
P.S. there is no kill-switch. Everything goes through Tor. Initial infection by MS17-010 drops Tor binaries for further communication
Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract
Seems to be just spreading at the moment and getting further commands from C&C
Whole EternalRocks campaign (first and second stage malware) uses Mutex: {8F6F00C4-B901-45fd-08CF-72FDEFF}