ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool EternalBlue

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: EternalBlue

NamesEternalBlue
CategoryExploits
Type0-day
Description(Check Point) The EternalBlue exploitation tool was leaked by “The Shadow Brokers” group on April 14, 2017, in their fifth leak, “Lost in Translation.” The leak included many exploitation tools like EternalBlue that are based on multiple vulnerabilities in the Windows implementation of SMB protocol.

EternalBlue works on all Windows versions prior to Windows 8. These versions contain an interprocess communication share (IPC$) that allows a null session. This means that the connection is established via anonymous login and null session is allowed by default. Null session allows the client to send different commands to the server.
Information<https://research.checkpoint.com/2017/eternalblue-everything-know/>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:EternalBlue>

Last change to this tool card: 08 May 2020

Download this tool card in JSON format

All groups using tool EternalBlue

ChangedNameCountryObserved

APT groups

 APT 3, Gothic Panda, BuckeyeChina2007-Nov 2017X
 CalypsoChina2016 
 Chafer, APT 39Iran2014-2018 
 Lazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Aug 2020 HOTX
 Turla, Waterbug, Venomous BearRussia1996-Jun 2020 
 Wicked Spider, APT 22China2018 

6 groups listed (6 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key