Underminer

Underminer EK is an exploit kit discovered by Trend Micro that spreads bootkits and cryptocurrency-mining malware, mainly in Asian countries. Before it was identified, it appears to have operated for almost a year at a much smaller scale without being noticed. To infect users, Underminer EK uses three exploits: two Adobe Flash Player vulnerabilities, CVE-2015-5119 and CVE-2018-4878, and an Internet Explorer memory corruption vulnerability, CVE-2016-0189. Once a system is compromised, the exploit kit sets up encrypted TCP tunnels and uses them to deliver a bootkit that maintains persistence on the system. A coinminer, dubbed "Hidden Mellifera" by Trend Micro and "Hidden Bee" by Malwarebytes, is then downloaded onto the infected system.

NJCCIC: Underminer