Wannacrypt0r-FACTSHEET.md
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 9b42590c-a2e5-44dc-af6a-6dc1bbfca328 |
| Fingerprint | a6923a59aee79290 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 19, 2017, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | rain-1/Wannacrypt0r-FACTSHEET.md |
| Title | Wannacrypt0r-FACTSHEET.md |
| Detected Hints/Tags/Attributes | 116/2/84 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | wannacrypt0r-factsheet.md |
|
| Details | Domain | 17 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com |
|
| Details | Domain | 212 | technet.microsoft.com |
|
| Details | Domain | 34 | blogs.technet.microsoft.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 21 | www.malwaretech.com |
|
| Details | Domain | 2 | zerosum0x0.blogspot.com |
|
| Details | Domain | 1 | www.chroniclelive.co.uk |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 5 | www.nrk.no |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 9 | steemit.com |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 5 | haxx.in |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 132 | blockchain.info |
|
| Details | Domain | 14 | gx7ekbenv2riucmf.onion |
|
| Details | Domain | 13 | 57g7spgrzlojinas.onion |
|
| Details | Domain | 14 | xxlvbrloxvriy2c5.onion |
|
| Details | Domain | 14 | 76jdd2ir2embyv47.onion |
|
| Details | Domain | 13 | cwwnhwhlz52maqm7.onion |
|
| Details | Domain | 71 | transfer.sh |
|
| Details | Domain | 1 | wannacrydecryptor-ransomware-messages-all-langs.zip |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | 1 | wanna18@hotmail.com |
||
| Details | File | 17 | ms17-010.aspx |
|
| Details | File | 1 | how-to-accidentally-stop-a-global-cyber-attacks.html |
|
| Details | File | 1 | doublepulsar-initial-smb-backdoor-ring.html |
|
| Details | File | 1 | renault-touche-par-la-vague-de-cyberattaques-internationales-13-05-2017-2127044_23.php |
|
| Details | File | 1 | 97002-20170513filwww00031-renault-touche-par-la-vague-de-cyberattaques-internationales.php |
|
| Details | File | 1 | key1.bin |
|
| Details | File | 1 | key2.bin |
|
| Details | File | 133 | blockchain.inf |
|
| Details | File | 1 | wannacrydecryptor-ransomware-messages-all-langs.zip |
|
| Details | Url | 15 | https://technet.microsoft.com/en-us/library/security/ms17-010.aspx |
|
| Details | Url | 7 | https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks |
|
| Details | Url | 2 | https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r |
|
| Details | Url | 1 | https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html |
|
| Details | Url | 1 | https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html |
|
| Details | Url | 1 | http://www.chroniclelive.co.uk/news/north-east-news/cyber-attack-nhs-latest-news-13029913 |
|
| Details | Url | 1 | https://twitter.com/skynews/status/863044193727389696 |
|
| Details | Url | 1 | https://twitter.com/jeancreed1/status/863089728253505539 |
|
| Details | Url | 1 | https://twitter.com/dabazdyrev/status/863034199460261890/photo/1 |
|
| Details | Url | 1 | https://twitter.com/vassgatov/status/863175506790952962 |
|
| Details | Url | 1 | https://twitter.com/vassgatov/status/863175723846176768 |
|
| Details | Url | 1 | https://twitter.com/95cnsec/status/863292545278685184 |
|
| Details | Url | 1 | http://www.lepoint.fr/societe/renault-touche-par-la-vague-de-cyberattaques-internationales-13-05-2017-2127044_23.php |
|
| Details | Url | 1 | http://www.lefigaro.fr/flash-eco/2017/05/13/97002-20170513filwww00031-renault-touche-par-la-vague-de-cyberattaques-internationales.php |
|
| Details | Url | 1 | https://twitter.com/damien_bancal/status/863305670568837120 |
|
| Details | Url | 1 | https://twitter.com/nkl0x55/status/863340271391580161 |
|
| Details | Url | 1 | https://twitter.com/95cnsec/status/863382193615159296 |
|
| Details | Url | 1 | https://www.nrk.no/telemark/eliteserieklubber-rammet-av-internasjonalt-dataangrep-1.13515245 |
|
| Details | Url | 1 | https://twitter.com/forbes/status/864850749225934852 |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/wannacry_cyber_attack#list_of_affected_organizations |
|
| Details | Url | 1 | https://twitter.com/the_ens/status/863055007842750465 |
|
| Details | Url | 1 | https://twitter.com/the_ens/status/863069021398339584 |
|
| Details | Url | 1 | https://twitter.com/kafeine/status/863049739583016960 |
|
| Details | Url | 1 | https://twitter.com/laurilove/status/863065599919915010 |
|
| Details | Url | 1 | https://twitter.com/laurilove/status/863066699888824322 |
|
| Details | Url | 1 | https://twitter.com/laurilove/status/863072240123949059 |
|
| Details | Url | 1 | https://twitter.com/payloadsecurity/status/863024514933956608 |
|
| Details | Url | 1 | https://twitter.com/ctin_global/status/863095852113571840 |
|
| Details | Url | 1 | https://twitter.com/laurilove/status/863107992425779202 |
|
| Details | Url | 1 | https://twitter.com/hackerfantastic/status/863105127196106757 |
|
| Details | Url | 1 | https://twitter.com/hackerfantastic/status/863105031167504385 |
|
| Details | Url | 1 | https://twitter.com/hackerfantastic/status/863070063536091137 |
|
| Details | Url | 1 | https://twitter.com/hackerfantastic/status/863069142273929217 |
|
| Details | Url | 1 | https://twitter.com/hackerfantastic/status/863115568181850113 |
|
| Details | Url | 1 | https://twitter.com/laurilove/status/863116900829724672 |
|
| Details | Url | 1 | https://twitter.com/0xspamtech/status/863058605473509378 |
|
| Details | Url | 1 | https://twitter.com/bl4sty/status/863143484919828481 |
|
| Details | Url | 1 | https://twitter.com/e55db081d05f58a/status/863109716456747008 |
|
| Details | Url | 4 | https://twitter.com/neelmehta/status/864164081116225536 |
|
| Details | Url | 4 | https://steemit.com/shadowbrokers |
|
| Details | Url | 2 | https://www.secureworks.com/research/wcry-ransomware-analysis |
|
| Details | Url | 1 | https://haxx.in/key1.bin |
|
| Details | Url | 1 | https://haxx.in/key2.bin |
|
| Details | Url | 1 | https://pastebin.com/aaw2rfb6 |
|
| Details | Url | 2 | https://blockchain.info/address/13am4vw2dhxygxeqepohkhsquy6ngaeb94 |
|
| Details | Url | 2 | https://blockchain.info/address/12t9ydpgwuez9nymgw519p7aa8isjr6smw |
|
| Details | Url | 2 | https://blockchain.info/address/115p7ummngoj1pmvkphijcrdfjnxj6lrln |
|
| Details | Url | 1 | https://transfer.sh/y6qco/wannacrydecryptor-ransomware-messages-all-langs.zip |
|
| Details | Url | 1 | https://pastebin.com/xzku7ph1 |
|
| Details | Url | 1 | https://pastebin.com/0lrh05y2 |