MadoMiner Part 2 - Mask
AlienVault
OCTOBER 29, 2018
During the execution of sogou.exe, the following exploits are used to install on new victims’ PCs: CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003. Sogou.exe is the payload that contains the CPUInfo scanner, however, it has been set to scan for IPV6 addresses. CVE-2017-0143, SMB exploit. Installation.
40 
Let's personalize your content