MadoMiner Part 2 - Mask
AlienVault
OCTOBER 29, 2018
During the execution of sogou.exe, the following exploits are used to install on new victims’ PCs: CVE-2017-9073 (RDP vulnerability on Windows XP and Windows Server 2003), CVE-2017-0143 (SMB exploit), and CVE-2017-0146 (SMB exploit).

Installation

Mask.exe ends up on a victim’s computer after either x86.dll dll or x64.dll