ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool EternalBlue

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: EternalBlue

Description(Check Point) The EternalBlue exploitation tool was leaked by “The Shadow Brokers” group on April 14, 2017, in their fifth leak, “Lost in Translation.” The leak included many exploitation tools like EternalBlue that are based on multiple vulnerabilities in the Windows implementation of SMB protocol.

EternalBlue works on all Windows versions prior to Windows 8. These versions contain an interprocess communication share (IPC$) that allows a null session. This means that the connection is established via anonymous login and null session is allowed by default. Null session allows the client to send different commands to the server.
AlienVault OTX<>

Last change to this tool card: 08 May 2020

Download this tool card in JSON format

All groups using tool EternalBlue


APT groups

 APT 3, Gothic Panda, BuckeyeChina2007-Nov 2017X
 CalypsoChina2016-Aug 2021 
 Chafer, APT 39Iran2014-Sep 2020X
XLazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Aug 2022 HOTX
 Turla, Waterbug, Venomous BearRussia1996-May 2022 
 Wicked Spider, APT 22China2018 

7 groups listed (7 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]