CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry - Check Point Software
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | acbc4647-2a32-43f3-83e1-c19edad27a87 |
| Fingerprint | ac16891a267b4605 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 16, 2017, 4:48 p.m. |
| Added to db | Jan. 18, 2023, 8:17 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry |
| Title | CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry - Check Point Software |
| Detected Hints/Tags/Attributes | 43/2/13 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | freports.us.checkpoint.com |
|
| Details | Domain | 79 | blog.checkpoint.com |
|
| Details | File | 4 | wcry.exe |
|
| Details | File | 27 | attrib.exe |
|
| Details | File | 37 | icacls.exe |
|
| Details | File | 1 | 2014-financial-statements-en.pdf |
|
| Details | File | 10 | taskhsvc.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 27 | tasksche.exe |
|
| Details | Url | 1 | http://freports.us.checkpoint.com/wannacryptor2_1 |
|
| Details | Url | 1 | http://blog.checkpoint.com/tag/sandblast-agent-forensics |