Summary
Beginning in August of 2017, a new cryptocurrency mining botnet, dubbed Smominru, started propagating via the recently leaked Eternal Blue exploit. Smominru, aka MyKings, is characterized by the targeting of Windows systems using WMI as a file-less persistence mechanism.
As of March 2019, Smominru showed no signs of slowing down. Wapack Labs has identified approximately 316K victims connecting to Smominru infrastructure over a period of 6 days. This report provides a high-level overview