Cisco Blogs
Share

Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks


May 22, 2017 - 0 Comments

When the WannaCry attack was launched a little over a week ago, it was one of the first large scale attacks leveraging the data that was leaked by the Shadow Brokers. At the time the real concern was how quickly we would begin to see other threats leverage the same vulnerabilities. Over the past couple of weeks, Talos has observed other malware variants that are using the ETERNALBLUE and DOUBLEPULSAR exploits from the Shadow Brokers release as part of their campaigns. Among them were Adylkuzz, Uiwix, and EternalRocks.

Adylkuzz is a piece of malware that uses ETERNALBLUE and DOUBLEPULSAR to install cryptocurrency mining software on the infected system. This attack actually pre-dates the WannaCry attack and has continued to deliver the cryptocurrency miner.

Uiwix uses a similar technique to install ransomware on the infected system. When the files are encrypted, the file names include “UIWIX” as part of the file extension. The key difference with this malware is that, unlike WannaCry, the Ransomware doesn’t “worm itself.” It only installs itself on the system.

Read more »

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.