▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ThanatosMiner is here, to capture the mining Trojan spread by BlueKeep high-risk vulnerability attacks
#News

> the ThanatosMiner mining Trojan exploited the BlueKeep vulnerability CVE-2019-0708 to spread. The attacker packaged the public Python version BlueKeep exploit code to generate scan.exe, and scanned a large range of randomly generated IP addresses for detection and attack.

> After the vulnerability is successfully exploited, the shellcode is executed to download the Trojan svchost.exe written in C#, and then the Trojan is used to download the Monero mining Trojan and attack modules for the next round of attacks. Because the assembly name of the Payload program is ThanatosCrypt, the mining Trojan is named ThanatosMiner (Death Miner).

> On May 15, 2019, Microsoft released a security update for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services, which affected some older versions of Windows. Once the attacker successfully triggers the vulnerability, he can execute arbitrary code on the target system. The triggering of the vulnerability does not require any user interaction-meaning that the computer with the vulnerability only needs to be connected to the Internet, and no remote operations may be encountered without any operation. Attack and fall. The BlueKeep vulnerability (CVE-2019-0708) is a high-risk vulnerability that all security vendors attach great importance to.

> The vulnerability affects older versions of Windows systems, including:
Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003, and Windows XP. Windows 8 and Windows 10 and later versions are not affected by this vulnerability.

written by undercode
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁