EternalRocks Worm Detector

The goal of EternalRocks Worm Detector is to enable proactive detection and provide timely information to mitigate the activity of the EternalRocks worm.

EternalRocks (a.k.a. MicroBotMassiveNet) is a network worm (i.e. self-replicating) that emerged in the first half of May 2017, with the oldest known sample dating to 2017-05-03. It spreads through public SMB exploits from The Shadow Brokers NSA dump: ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY, along with the related programs DOUBLEPULSAR, ARCHITOUCH and SMBTOUCH. The worm's existence first came to light on Wednesday May 17th, after it infected the SMB honeypot of Miroslav Stampar, a member of the Croatian Government CERT and creator of the sqlmap tool used for detecting and exploiting SQL injection flaws. It uses a Tor-based C&C server; currently it only beacons to the server and spreads using the SMB exploit. More details are published on GitHub at https://github.com/stamparm/EternalRocks/.

EternalRocks Worm Detector seamlessly integrates with SIEM systems, takes only a few minutes to deploy and provides the highest detection accuracy for the EternalRocks worm.