ioc[.]one - OSINT Cyber Threat Intelligence Database

WannaCry Ransomware Campaign: Threat Details and Risk Management | Mandiant

Tags

country:	North Korea
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	0ad82d8c-102a-485b-82e7-d888b8fc44bd
Fingerprint	ced0295b84ffb6c3
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 15, 2017, midnight
Added to db	Aug. 12, 2023, 3:40 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	WannaCry Ransomware Campaign: Threat Details and Risk Management
Title	WannaCry Ransomware Campaign: Threat Details and Risk Management \| Mandiant
Detected Hints/Tags/Attributes	84/3/137

Source URLs

	Redirection	Url
Details	Source	https://www.mandiant.com/resources/blog/wannacry-ransomware-campaign

URL Provider

Details	Provider	Source level domain
Details	mandiant.com	www.mandiant.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	330	✔	Threat Intelligence	https://www.mandiant.com/resources/blog/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com
Details	Domain	2	iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Details	Domain	17	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Details	Domain	5	www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Details	Domain	4	ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Details	Domain	12	iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Details	Domain	13	57g7spgrzlojinas.onion
Details	Domain	14	76jdd2ir2embyv47.onion
Details	Domain	13	cwwnhwhlz52maqm7.onion
Details	Domain	14	gx7ekbenv2riucmf.onion
Details	Domain	4	sqjolphimrr7jqw6.onion
Details	Domain	14	xxlvbrloxvriy2c5.onion
Details	File	3	www.iff
Details	File	10	mssecsvc.exe
Details	File	478	lsass.exe
Details	File	17	malware.bin
Details	File	10	ary.exe
Details	File	6	malicious.url
Details	File	3	phish.url
Details	File	7	c:\windows\mssecsvc.exe
Details	File	7	c:\windows\tasksche.exe
Details	File	1	%temp%\m.vbs
Details	File	22	taskse.exe
Details	File	22	taskdl.exe
Details	File	155	cscript.exe
Details	File	8	m.vbs
Details	md5	2	0156edf6d8d35def2bf71f4d91a7dd22
Details	md5	1	0279e96244d8d8fa636c8f38baff99d7
Details	md5	1	05a00c320754934782ec5dec1d5c0476
Details	md5	1	06e235714dfa46e0ef3d15e45331ebe1
Details	md5	1	09431f379fc1914685f93f56c2400133
Details	md5	1	0cb40a8a51539e2c5727c3ec87af8a56
Details	md5	1	0fb1ce09b168987ce7f47bcd82fa034d
Details	md5	1	1177e33203cb8b1d71fe9147364328fe
Details	md5	1	13d702666bb8eadcd60d0c3940c39228
Details	md5	1	16aa3809de7a2a87d97de34ed7747638
Details	md5	1	18ad48cf2ed0cfeda8636187169ab181
Details	md5	1	1c615bf80a47848f17f935e689ae7ee2
Details	md5	1	246c2781b88f58bc6b0da24ec71dd028
Details	md5	1	2822abbaff89f989a4377b3c54067540
Details	md5	1	29365f675b69ffa0ec17ad00649ce026
Details	md5	1	2b4e8612d9f8cdcf520a8b2e42779ffa
Details	md5	1	2ca9ea7966269b22b5257f7a41817e1f
Details	md5	1	3175e4ba26e1e75e52935009a526002c
Details	md5	1	31dab68b11824153b4c975399df0354f
Details	md5	1	32f5d4bb6e967ac8c15950322b69975b
Details	md5	1	340a0e61c7f9b4e17e66e5114b1fffdb
Details	md5	1	3600607ab080736dd31859c02eaff188
Details	md5	1	36ebcf590480009be4c9c2259982a71a
Details	md5	1	38089fd3b6f1faa54cfe974fd1e29f0a
Details	md5	1	3c1ab42f5dd52f217ec57d270ffc8960
Details	md5	1	3c6375f586a49fc12a4de9328174f0c1
Details	md5	1	42fcf5f97f224c53a0434856016c706c
Details	md5	1	4362e287ca45a4862b7fe9ecaf46e985
Details	md5	1	468d1f5e0b048c16fd6d5364add58640
Details	md5	1	46d140a0eb13582852b5f778bb20cf0e
Details	md5	1	4e1f1183a31740618213f4e4c619b31c
Details	md5	5	4fef5e34143e646dbf9907c4374276f5
Details	md5	2	509c41ec97bb81b0567b059aa2f50fe8
Details	md5	1	546c1d3e78d9a0c676648e1230b8d454
Details	md5	1	54a116ff80df6e6031059fc3036464df
Details	md5	1	573a15b128431309c6af6caeb27dd44c
Details	md5	1	57aaa19f66b1eab6bea9891213ae9cf1
Details	md5	1	57b5c96abfd7ab5f33d9e3c20067687a
Details	md5	1	5902d0ea85b00f59a44c6d1c9174da56
Details	md5	1	59815ca85fa772753ca37fa0399c668c
Details	md5	1	59fc71209d74f2411580f6e1b6daf8d8
Details	md5	3	5bef35496fcbdbe841c82f4d1ab8b7c2
Details	md5	1	638f9235d038a0a001d5ea7f5c5dc4ae
Details	md5	1	6a4041616699ec27b42f98bbf111a448
Details	md5	1	707282fc5832e4674a2b5904b4115202
Details	md5	2	775a0631fb8229b2aa3d7621427085ad
Details	md5	8	7bf2b57f2a205768755c07f238fb32cc
Details	md5	1	7ecd842a3e9b1bcb3bb70b98220a563b
Details	md5	3	7f7ccaa16fb15eb1c7399d422f8363e8
Details	md5	1	80a2af99fd990567869e9cf4039edf73
Details	md5	1	82fc5885862b097be5ec9ec2176e30f1
Details	md5	1	82fd8635ff349f2f0d8d42c27d18bcb7
Details	md5	1	835fff032c51075c0c27946f6ebd64a3
Details	md5	6	8495400f199ac77853c53b5a3f278f3e
Details	md5	1	84a912cc30e697c4aab6978fb2fceb7c
Details	md5	6	84c82835a5d21bbcf75a61706d8ab549
Details	md5	2	86721e64ffbd69aa6944b9672bcabb6d
Details	md5	1	8d8e65121556519531ff64c1ed0bfe09
Details	md5	2	8dd63adb68ef053e044a5a2f46e0d2cd
Details	md5	1	8ff9c908dea430ce349cc922cee3b7dc
Details	md5	1	92cc807fa1ff0936ef7bcd59c76b123b
Details	md5	1	93ebec8b34a4894c34c54cca5039c089
Details	md5	1	947d69c0531504ee3f7821574ea405a7
Details	md5	1	9503af3b691e22149817edb246ea7791
Details	md5	1	96714005ac1ddd047a8eda781249d683
Details	md5	2	96dff36b5275c67e35097d77a120d0d4
Details	md5	1	998ea85d3e72824a8480d606d33540a6
Details	md5	1	a0a46b3ea8b643acd8b1b9220701d45d
Details	md5	1	a155e4564f9ec62d44bf3ea2351fd6ce
Details	md5	1	a2ded86d6ddc7d1fca74925c111d6a95
Details	md5	1	a6aad46f69d3ba3359e4343ab7234bb9
Details	md5	1	abcb7d4353abee5083ddd8057c7cd1ff
Details	md5	3	b0ad5902366f860f85b892867e5b1e87
Details	md5	1	b27f095f305cf940ba4e85f3cb848819
Details	md5	1	b6043ef3f8b238e4f5be6e2aa061c845
Details	md5	1	b675498639429b85af9d70be1e8a8782
Details	md5	1	b6ded2b8fe83be35341936e34aa433e5
Details	md5	1	b77288deb5e9ebced8a27c5ea533d029
Details	md5	1	b7f7ad4970506e8547e0f493c80ba441
Details	md5	1	b8a7b71bfbde9901d20ab179e4dead58
Details	md5	1	bdda04ebcc92840a64946fc222edc563
Details	md5	1	be70ee98253ae9ebbf91af35da829ee0
Details	md5	1	be74e91f1ef8b4cb9e3918911e429124
Details	md5	1	bec0b7aff4b107edd5b9276721137651
Details	md5	3	c2559b51cfd37bdbd5fdb978061c6c16
Details	md5	1	c39ed6f52aaa31ae0301c591802da24b
Details	md5	1	c61256583c6569ac13a136bfd440ca09
Details	md5	1	cb97641372f4e31670574cc4faa5df59
Details	md5	1	cee8d1683a187a477ee319c2ddd09d4d
Details	md5	1	cf1416074cd7791ab80a18f9e7e219d9
Details	md5	1	d545a745c4fc198798e590b00ba7dd59
Details	md5	2	d5dcd28612f4d6ffca0cfeaefd606bcf
Details	md5	2	d6114ba5f10ad67a4131ab72531f02da
Details	md5	2	d724d8cc6420f06e8a48752f0da11c66
Details	md5	7	db349b97c37d22f5ea1d1841e3c89eb4
Details	md5	1	df535dcb74ab9e2ba0a63b3519eee2bb
Details	md5	1	e16b903789e41697ecab21ba6e14fa2b
Details	md5	2	e372d07207b4da75b3434584cd9f3450
Details	md5	1	eb7009df4951e18ccbe4f035985b635c
Details	md5	1	efa8cda6aa188ef8564c94a58b75639f
Details	md5	1	f0d9ffefa20cdadf5b47b96b7f8d1f60
Details	md5	2	f107a717f76f4f910ae9cb4dc5290594
Details	md5	3	f351e1fcca0c4ea05fc44d15a17f8b36
Details	md5	1	f4856b368dc74f04adb9c4548993f148
Details	md5	2	f529f4556a5126bba499c26d67892240
Details	md5	1	f9992dfb56a9c6c20eb727e6a26b0172
Details	md5	1	f9cee5e75b7f1298aece9145ea80a1d2
Details	md5	1	fa44f2474ba1c807ad2aae6f841b8b09
Details	md5	1	fad4b98c046f693513880195c2bef2dd
Details	md5	1	ff81d72a277ff5a3d2e5a4777eb28b7b
Details	Windows Registry Key	2	HKEY_LOCAL_MACHINE\Software\WanaCrypt0r