Cisco Talos recently recorded increased activity of the Lemon Duck cryptocurrency-mining botnet, which uses several techniques that are likely to be spotted by defenders but are not immediately obvious to end users. The actor employs various methods to spread across the network, such as sending infected RTF files by email, psexec, WMI and SMB exploits, including the infamous Eternal Blue threats that affect Windows 10 machines. Researchers noticed an increase in the number of DNS requests connected with Lemon Duck C2 and mining servers toward the end of August 2020.
Source: https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html

