【安全报告】WannaCry勒索事件处置手册 – 绿盟科技技术博客
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 99216f2e-7c21-41c1-9ed7-98bf8ef8677d |
| Fingerprint | 109ee97ebf2254d6 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 14, 2017, 10:40 p.m. |
| Added to db | Jan. 18, 2023, 7:38 p.m. |
| Last updated | Nov. 14, 2024, 7 p.m. |
| Headline | 【安全报告】WannaCry勒索事件处置手册 |
| Title | 【安全报告】WannaCry勒索事件处置手册 – 绿盟科技技术博客 |
| Detected Hints/Tags/Attributes | 31/2/36 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.nsfocus.net/wannacry-blackmail-event-disposal-handbook/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 1 | 关闭tasksche.exe |
|
| Details | File | 1 | 还可能有mssecsvc.exe |
|
| Details | File | 27 | tasksche.exe |
|
| Details | File | 2 | mssecsvc.bin |
|
| Details | File | 2 | c:\programdata\hnjrymny834\tasksche.exe |
|
| Details | File | 7 | c:\windows\tasksche.exe |
|
| Details | File | 1 | c:\users\all users\hnjrymny834\tasksche.exe |
|
| Details | File | 27 | out.txt |
|
| Details | File | 22 | taskdl.exe |
|
| Details | File | 22 | taskse.exe |
|
| Details | File | 35 | libeay32.dll |
|
| Details | File | 4 | libevent-2-0-5.dll |
|
| Details | File | 4 | libevent_core-2-0-5.dll |
|
| Details | File | 4 | libevent_extra-2-0-5.dll |
|
| Details | File | 5 | libgcc_s_sjlj-1.dll |
|
| Details | File | 7 | libssp-0.dll |
|
| Details | File | 26 | ssleay32.dll |
|
| Details | File | 10 | taskhsvc.exe |
|
| Details | File | 33 | tor.exe |
|
| Details | File | 16 | zlib1.dll |
|
| Details | IPv4 | 56 | 192.168.1.2 |
|
| Details | IPv4 | 6 | 192.168.56.20 |
|
| Details | IPv4 | 1 | 192.168.88.133 |
|
| Details | IPv4 | 9 | 4.2.1.1 |
|
| Details | Microsoft Patch Numbers | 3 | KB4012212 |
|
| Details | Microsoft Patch Numbers | 7 | KB4012598 |
|
| Details | Microsoft Patch Numbers | 3 | KB4012215 |
|
| Details | Microsoft Patch Numbers | 1 | KB4012213 |
|
| Details | Microsoft Patch Numbers | 1 | KB4012216 |
|
| Details | Microsoft Patch Numbers | 1 | KB4012214 |
|
| Details | Microsoft Patch Numbers | 1 | KB4012217 |
|
| Details | Microsoft Patch Numbers | 1 | KB4012606 |
|
| Details | Microsoft Patch Numbers | 1 | KB4013198 |
|
| Details | Microsoft Patch Numbers | 2 | KB4013429 |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnjrymny834 |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\hnjrymny834 |