The WannaCry ransomware outbreak of May 2017 was a high-profile demonstration of the potency of the weaponized NSA-attributed exploits leaked by the ShadowBrokers in fall 2016.

Adylkuzz leverages the same exploits as WannaCry, EternalBlue and DoublePulsar, to gain access to your target’s systems. Rather than an overt demand for cash payment, this infection runs silently in the background, employing your target’s CPU resources to mine Monero for you.


Infects unpatched systems with the DoublePulsar backdoor by exploiting a Windows Server Message Block (SMB) protocol vulnerability using the NSA-attributed EternalBlue exploit.

The DoublePulsar backdoor then downloads and installs a configurable cpuminer payload to mine Monero.

Adylkuzz provides the basic infrastructure to enlist infected PCs in a cryptocurrency mining botnet. The botnet is controlled using the Lua language.

Once successfully deployed, Adylkuzz kills any previous instances of itself and blocks SMB traffic in an attempt to prevent competing threats from exploiting the same attack vector.
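The behaviour described above gives a defender a recognisable sequence to hunt for on endpoints: an inbound SMB connection, a new process whose command line looks like a cpuminer invocation, and a freshly added inbound block rule on TCP port 445. The following Python script is an added detection example written for this page, not code from the listing or from the malware itself. The event format (one JSON object per line with `ts`, `host`, `type` and per-type fields) and the sample telemetry are constructed here, and the miner command-line markers (`stratum+tcp://`, `cryptonight`) are assumptions based on how cpuminer is typically configured for Monero rather than details taken from the page.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample endpoint telemetry (not real logs). Each line is one JSON event.
# ws-17 shows the full chain described on the page; ws-22 only adds an SMB block rule;
# ws-31 is a benign host used to check that ordinary process starts do not alert.
SAMPLE_EVENTS = """
{"ts": "2017-05-15T10:01:02Z", "host": "ws-17", "type": "net_conn", "direction": "inbound", "dst_port": 445, "src_ip": "203.0.113.7"}
{"ts": "2017-05-15T10:01:40Z", "host": "ws-17", "type": "process_start", "image": "C:/Users/Public/miner.exe", "cmdline": "miner.exe -a cryptonight -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER"}
{"ts": "2017-05-15T10:01:45Z", "host": "ws-17", "type": "firewall_rule", "action": "block", "direction": "inbound", "proto": "tcp", "port": 445}
{"ts": "2017-05-15T11:30:00Z", "host": "ws-22", "type": "firewall_rule", "action": "block", "direction": "inbound", "proto": "tcp", "port": 445}
{"ts": "2017-05-15T12:00:00Z", "host": "ws-31", "type": "process_start", "image": "C:/Program Files/Git/git.exe", "cmdline": "git fetch origin"}
"""

# Assumed command-line markers for a cpuminer-style Monero miner (not taken from the page).
MINER_MARKERS = ("stratum+tcp://", "cryptonight")


def parse_events(text):
    """Parse newline-delimited JSON events and sort them by timestamp."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_miner_process(ev):
    """A process start whose command line carries a miner marker."""
    cmd = ev.get("cmdline", "").lower()
    return ev["type"] == "process_start" and any(m in cmd for m in MINER_MARKERS)


def is_smb_block_rule(ev):
    """A new inbound block rule on TCP/445, the SMB-blocking step the page describes."""
    return (ev["type"] == "firewall_rule" and ev.get("action") == "block"
            and ev.get("direction") == "inbound" and ev.get("port") == 445)


def is_inbound_smb(ev):
    """An inbound connection to the SMB port, the EternalBlue delivery path."""
    return (ev["type"] == "net_conn" and ev.get("direction") == "inbound"
            and ev.get("dst_port") == 445)


def find_adylkuzz_like_hosts(events, window=timedelta(minutes=30)):
    """Return {host: [reasons]} for hosts whose events match the described chain.

    A miner process that appears within `window` of an inbound SMB block rule, or
    shortly after an inbound SMB connection, is reported with high confidence. A
    host that only adds an SMB block rule is reported as low confidence, since that
    can equally be legitimate hardening.
    """
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    alerts = {}
    for host, evs in by_host.items():
        miners = [e for e in evs if is_miner_process(e)]
        blocks = [e for e in evs if is_smb_block_rule(e)]
        smb_in = [e for e in evs if is_inbound_smb(e)]
        reasons = set()
        for m in miners:
            if any(abs(b["ts"] - m["ts"]) <= window for b in blocks):
                reasons.add("miner process + inbound SMB block rule")
            if any(timedelta(0) <= m["ts"] - c["ts"] <= window for c in smb_in):
                reasons.add("miner process shortly after inbound SMB connection")
        if reasons:
            alerts[host] = sorted(reasons)
        elif blocks:
            alerts[host] = ["inbound SMB block rule only (low confidence)"]
    return alerts


if __name__ == "__main__":
    for host, reasons in find_adylkuzz_like_hosts(parse_events(SAMPLE_EVENTS)).items():
        print(host, "->", "; ".join(reasons))
```

Run against the constructed sample, the script flags `ws-17` on both high-confidence reasons, reports `ws-22` at low confidence because the block rule alone is ambiguous, and stays silent on `ws-31`. In a real deployment the same three predicates would be fed from firewall audit events, process-creation telemetry and network flow logs, and the 30-minute window should be tuned to how quickly the chain completes in the environment being monitored.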

