Andrey Bazhan, from Comae Technologies, just made a neat addition to SwishDbgExt: the ability to use Yara rules to hunt processes in memory via a new command called !ms_yarascan.
Yes, this is bad — real bad — this is another ransomware leveraging SMB network kernel vulnerabilities to spread on the local network. The exploit used is based on…
While everybody seems to agree on the NSA ownership of the materials leaked by Shadow Brokers, there are still many different versions when it comes to their origin.