Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201786371
HistoryMay 23, 2017 - 12:00 a.m.

The SMB vulnerability triggered“bloodshed”, far more than WannaCry-vulnerability warning-the black bar safety net

2017-05-2300:00:00
佚名
www.myhack58.com
143

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Preface

Since the Shadow Brokers published NSA Elite hacking team Equation Group the use of 0-day vulnerabilities and hacker tools, hacker groups and independent hackers started to exploit these vulnerabilities and tools to initiate various attacks. But industry insiders believe that the 4 month Shadow Brokers published include high-risk Windows SMB vulnerabilities, including a series of Windows hacking tool data, is by far the most destructive of the data.

WannaCry after the outbreak, security researchers have found many hackers exploit Windows SMB Vulnerability, CVE-2017-0143)(i.e. Enternal Blue for a variety of hacking activities, in addition, Eternalblue SMB vulnerability MS17-010 has been transferred to the Metasploit penetration testing framework, which allows researchers and hackers can easily take advantage of this vulnerability expand to different actions.

Therefore, in addition to WannaCry this massive global attack, a large number of hacker groups, state-sponsored hackers, in order to earn money for the purpose of network criminal and grey hat hacker use Eternalblue initiated a variety of large or smaller attack, in fact, is not surprising.

The following is a security researchers recently discovered the use of the SMB vulnerability to initiate the attack, some occur in WannaCry before, and some occur in WannaCry.

One, EternalRocks worms

5 on 17 May, the researchers found a product called EternalRocks New use of SMB vulnerability of the worms. With the use of two NSA vulnerability and tools WannaCry compared EternalRocks worms can be had and less. The worm Co-use of a four-section SMB vulnerability and three NSA hack tool include the following:

EternalBlue — SMBv1 vulnerability

EternalRomance — SMBv1 vulnerability

EternalChampion — SMBv2 vulnerability

EternalSynergy — SMBv3 vulnerability

SMBTouch — SMB investigative tool

ArchTouch — SMB reconnaissance tool

[1] [2] [3] [4] [5] [6] next

Related

canvas 2
cisa_kev 1
talosblog 1
thn 3
saint 3
threatpost 4
carbonblack 1
mscve 1
symantec 1
checkpoint_advisories 1
attackerkb 5
nmap 1
packetstorm 5
zdt 6
cve 5
prion 5
huawei 1
seebug 1
mskb 11
openvas 2
kaspersky 3
rapid7community 8
f5 1
nessus 2
ics 3
rapid7blog 1
qualysblog 4
trendmicroblog 1
trellix 2
avleonov 1
canvas
canvas
Immunity Canvas: ETERNALBLUE
2017-03-17 00:59:00
Immunity Canvas: MS17_010
2017-03-17 00:59:00
cisa_kev
cisa_kev
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
2021-11-03 00:00:00
talosblog
talosblog
Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks
2017-05-22 15:14:00
thn
thn
More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
2017-05-19 01:52:00
Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests
2017-08-11 04:55:00
Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them
2019-05-07 08:41:00
saint
saint
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
threatpost
threatpost
Calypso APT Emerges from the Shadows to Target Governments
2019-10-31 18:55:02
China's APT3 Pilfers Cyberweapons from the NSA
2019-09-06 19:18:55
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
2019-05-07 17:52:23
carbonblack
carbonblack
CB TAU Technical Analysis: DLTMiner Campaign Targeting Corporations in Asia
2019-07-23 13:47:50
mscve
mscve
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
symantec
symantec
Microsoft Windows SMB Server CVE-2017-0143 Remote Code Execution Vulnerability
2017-03-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
2017-03-14 00:00:00
attackerkb
attackerkb
CVE-2017-0147
2017-03-17 00:00:00
CVE-2017-0148
2017-03-17 00:00:00
CVE-2017-0144 (MS17-010)
2017-03-17 00:00:00
nmap
nmap
smb-vuln-ms17-010 NSE Script
2017-05-27 07:57:34
packetstorm
packetstorm
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
2018-02-03 00:00:00
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
2017-05-17 00:00:00
DOUBLEPULSAR Payload Execution / Neutralization
2019-10-01 00:00:00
zdt
zdt
Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi
2018-02-03 00:00:00
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
2019-10-04 00:00:00
SMB DOUBLEPULSAR Remote Code Execution Exploit
2020-02-04 00:00:00
cve
cve
CVE-2017-0144
2017-03-17 00:59:00
CVE-2017-0145
2017-03-17 00:59:00
CVE-2017-0143
2017-03-17 00:59:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
huawei
huawei
Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems
2017-05-13 00:00:00
seebug
seebug
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
2017-04-15 00:00:00
mskb
mskb
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
2017-03-14 07:00:00
MS17-010: Security update for Windows SMB Server: March 14, 2017
2017-03-14 00:00:00
March 2017 Security Only Quality Update for Windows Server 2012
2017-03-14 07:00:00
openvas
openvas
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
2017-03-22 00:00:00
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
2017-03-15 00:00:00
kaspersky
kaspersky
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
rapid7community
rapid7community
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
2017-08-03 16:56:04
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
2017-05-24 23:14:26
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
2017-05-15 18:25:42
f5
f5
K57181937 : Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities
2017-05-16 00:00:00
nessus
nessus
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)
2017-03-15 00:00:00
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
2017-03-20 00:00:00
ics
ics
Baxter ExactaMix (Update A)
2020-07-28 12:00:00
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
Philips Intellispace Portal ISP Vulnerabilities
2018-02-27 12:00:00
rapid7blog
rapid7blog
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
2022-03-01 19:15:58
qualysblog
qualysblog
The Rise of Ransomware
2021-10-05 12:50:00
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
Qualys Top 20 Most Exploited Vulnerabilities
2023-09-04 14:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017
2017-05-19 12:00:15
trellix
trellix
Connected Healthcare: A Cybersecurity Battlefield We Must Win
2022-06-06 00:00:00
Connected Healthcare: A Cybersecurity Battlefield We Must Win
2022-06-06 00:00:00
avleonov
avleonov
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
2023-09-30 19:31:42

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for MYHACK58:62201786371
canvas2cisa_kev1talosblog1thn3saint3threatpost4carbonblack1mscve1symantec1checkpoint_advisories1attackerkb5nmap1packetstorm5zdt6cve5prion5huawei1seebug1mskb11openvas2kaspersky3rapid7community8f51nessus2ics3rapid7blog1qualysblog4trendmicroblog1trellix2avleonov1