Tool: EternalBlue| Names | EternalBlue | |
| Category | Exploits | |
| Type | 0-day | |
| Description | (Check Point) The EternalBlue exploitation tool was leaked by “The Shadow Brokers” group on April 14, 2017, in their fifth leak, “Lost in Translation.” The leak included many exploitation tools like EternalBlue that are based on multiple vulnerabilities in the Windows implementation of SMB protocol. EternalBlue works on all Windows versions prior to Windows 8. These versions contain an interprocess communication share (IPC$) that allows a null session. This means that the connection is established via anonymous login and null session is allowed by default. Null session allows the client to send different commands to the server. | |
| Information | <https://research.checkpoint.com/2017/eternalblue-everything-know/> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:EternalBlue> | |
Last change to this tool card: 08 May 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 3, Gothic Panda, Buckeye |  | 2007-Nov 2017 |  | ||
 | Calypso | | 2016-Mar 2021  | ||
| Chafer, APT 39 |  | 2014-Sep 2020 | | ||
| Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Apr 2021 | | |
| Turla, Waterbug, Venomous Bear |  | 1996-Feb 2021 | ||
| Wicked Spider, APT 22 | | 2018 | |||
6 groups listed (6 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |