ioc[.]one - OSINT Cyber Threat Intelligence Database

WannaCryptor 勒索蠕虫样本深度技术分析_阿尔法实验室 | 天融信阿尔法实验室

Tags

country:	Bulgaria Croatia Netherlands El Salvador Germany Finland France Indonesia Italy Norway Spain Latvia Poland Portugal Turkey Romania Russia Slovakia U.S. Virgin Islands
attack-pattern:	Data Control Panel - T1218.002 Software - T1592.002

Show in Graph

Common Information

Type	Value
UUID	e7da76fd-7a16-40b9-a2b4-32d921fc649b
Fingerprint	b6ccf2be7f2f90ce
Analysis status	DONE
Considered CTI value	0
Text language
Published	Jan. 1, 2023, midnight
Added to db	Jan. 18, 2023, 7:40 p.m.
Last updated	Nov. 17, 2024, 6:31 p.m.
Headline	WannaCryptor 勒索蠕虫样本深度技术分析_阿尔法实验室
Title	WannaCryptor 勒索蠕虫样本深度技术分析_阿尔法实验室 \| 天融信阿尔法实验室
Detected Hints/Tags/Attributes	46/2/42

Source URLs

	Redirection	Url
Details	Source	http://blog.topsec.com.cn/ad_lab/wannacryptor-
Details	Source	http://blog.topsec.com.cn/wannacryptor-

URL Provider

Details	Provider	Source level domain
Details	topsec.com.cn	blog.topsec.com.cn

Attributes

Details	Type	#Events	Value
Details	Domain	12	dist.torproject.org
Details	Domain	11	10.zip
Details	Domain	14	gx7ekbenv2riucmf.onion
Details	Domain	13	57g7spgrzlojinas.onion
Details	Domain	14	xxlvbrloxvriy2c5.onion
Details	Domain	14	76jdd2ir2embyv47.onion
Details	Domain	13	cwwnhwhlz52maqm7.onion
Details	Domain	47	microsoft.exchange
Details	File	10	10.zip
Details	File	82	taskkill.exe
Details	File	57	mysqld.exe
Details	File	66	sqlwriter.exe
Details	File	21	sqlserver.exe
Details	File	20	c:\windows\syswow64\cmd.exe
Details	File	35	libeay32.dll
Details	File	4	libevent-2-0-5.dll
Details	File	4	libevent_core-2-0-5.dll
Details	File	4	libevent_extra-2-0-5.dll
Details	File	5	libgcc_s_sjlj-1.dll
Details	File	7	libssp-0.dll
Details	File	26	ssleay32.dll
Details	File	10	taskhsvc.exe
Details	File	33	tor.exe
Details	File	16	zlib1.dll
Details	File	22	taskdl.exe
Details	File	22	taskse.exe
Details	File	4	wcry.exe
Details	File	27	tasksche.exe
Details	File	7	c:\windows\tasksche.exe
Details	File	1	以下为新创建的进程tasksche.exe
Details	File	1	创建taskse.exe
Details	File	2	创建cmd.exe
Details	File	1	循环创建taskdl.exe
Details	File	1	当前目录下创建随机名称.bat
Details	sha256	13	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Details	IPv4	7	0.2.9.10
Details	Url	6	https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
Details	Url	7	https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
Details	Windows Registry Key	188	HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	2	HKCU\Software\WanaCrypt0r
Details	Windows Registry Key	3	HKCU\Software\WanaCrypt0r\wd
Details	Windows Registry Key	37	HKCU\Control