LemonDuck Mining Botnet
released on 2023-03-18 @ 05:29:28 AM
The LemonDuck mining botnet is also known as the "Eternal Blue downloader Trojan" and DTLMiner. These names mainly derive from how the Trojan propagates and attacks, such as its initial use of the Driver Life update server for propagation, its use of the Eternal Blue vulnerability on target systems, and its C2 communication and PowerShell script code containing the "Lemon Duck" string. In addition, because earlier update activity set up a scheduled task with a specific name, researchers also named it "Blue Tea Action" [3] and "Operation Black Ball" [4] based on that name.