VERY IMPORTANT

During the WannaCry pandemic attack, CyphortLabs discovered that other threat actors have been using the same EternalBlue exploit to deliver other malware. This malware is not a ransomware and is not a bitcoin miner either as others have reported. This one is a remote access trojan typically used to spy on people’s activities or take control of their computers for whatever end the attacker wants to reach. On May 12, at the onset of the WannaCry attack, Cyphort Labs researchers have seen a similar SMB attack to one of our honeypot servers. Later on, we found evidence of the same attack perpetrated on May 3.