WanaCrypt0r Ransomworm
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f227e3a6-77f0-4024-9efa-25da284a2a9a |
| Fingerprint | 875c9039e623d243 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 16, 2017, 8:34 p.m. |
| Added to db | Aug. 30, 2024, 11:12 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | BAE Systems Threat Research Blog |
| Title | WanaCrypt0r Ransomworm |
| Detected Hints/Tags/Attributes | 116/3/61 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 3 | ✔ | BAE Systems Threat Research Blog | http://baesystemsai.blogspot.com/feeds/posts/default | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 17 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com |
|
| Details | Domain | 14 | gx7ekbenv2riucmf.onion |
|
| Details | Domain | 13 | 57g7spgrzlojinas.onion |
|
| Details | Domain | 14 | xxlvbrloxvriy2c5.onion |
|
| Details | Domain | 14 | 76jdd2ir2embyv47.onion |
|
| Details | Domain | 13 | cwwnhwhlz52maqm7.onion |
|
| Details | Domain | 47 | microsoft.exchange |
|
| Details | Domain | 12 | dist.torproject.org |
|
| Details | Domain | 11 | 10.zip |
|
| Details | Domain | 179 | www.torproject.org |
|
| Details | Domain | 3 | 11.zip |
|
| Details | Domain | 3 | doc.emergingthreats.net |
|
| Details | Domain | 98 | www.ncsc.gov.uk |
|
| Details | Domain | 12 | www.circl.lu |
|
| Details | Domain | 34 | blogs.technet.microsoft.com |
|
| Details | Domain | 12 | iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com |
|
| Details | File | 10 | mssecsvc.exe |
|
| Details | File | 2 | lhdfrgui.exe |
|
| Details | File | 7 | c:\windows\tasksche.exe |
|
| Details | File | 27 | tasksche.exe |
|
| Details | File | 6 | diskpart.exe |
|
| Details | File | 1 | c:\programdata\tdyhddeaprj852\tasksche.exe |
|
| Details | File | 1 | c:\intel\tdyhddeaprj852\tasksche.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 22 | taskdl.exe |
|
| Details | File | 22 | taskse.exe |
|
| Details | File | 1 | kbdlv.dll |
|
| Details | File | 82 | taskkill.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 21 | sqlserver.exe |
|
| Details | File | 10 | 10.zip |
|
| Details | File | 3 | 11.zip |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 5 | srv.sys |
|
| Details | File | 3 | launcher.dll |
|
| Details | File | 7 | c:\windows\mssecsvc.exe |
|
| Details | md5 | 3 | 9c7c7149387a1c79679a87dd1ba755bc |
|
| Details | md5 | 3 | ac21c8ad899727137c4b94458d7aa8d8 |
|
| Details | md5 | 5 | 4fef5e34143e646dbf9907c4374276f5 |
|
| Details | md5 | 2 | 509c41ec97bb81b0567b059aa2f50fe8 |
|
| Details | md5 | 8 | 7bf2b57f2a205768755c07f238fb32cc |
|
| Details | md5 | 3 | 7f7ccaa16fb15eb1c7399d422f8363e8 |
|
| Details | md5 | 6 | 8495400f199ac77853c53b5a3f278f3e |
|
| Details | md5 | 6 | 84c82835a5d21bbcf75a61706d8ab549 |
|
| Details | md5 | 7 | db349b97c37d22f5ea1d1841e3c89eb4 |
|
| Details | md5 | 2 | f107a717f76f4f910ae9cb4dc5290594 |
|
| Details | IPv4 | 7 | 0.2.9.10 |
|
| Details | IPv4 | 1 | 0.2.8.11 |
|
| Details | IPv4 | 1 | 192.168.78.132 |
|
| Details | IPv4 | 141 | 255.255.255.0 |
|
| Details | IPv4 | 2 | 192.168.78.1 |
|
| Details | IPv4 | 1 | 192.168.78.2 |
|
| Details | IPv4 | 1 | 192.168.78.254 |
|
| Details | Url | 9 | http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com |
|
| Details | Url | 6 | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip |
|
| Details | Url | 1 | https://www.torproject.org/dist/torbrowser/6.0.8/tor-win32-0.2.8.11.zip |
|
| Details | Url | 1 | http://doc.emergingthreats.net/bin/view/main/2024218 |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/news/latest-statement-international-ransomware-cyber-attack-0 |
|
| Details | Url | 1 | https://www.circl.lu/pub/tr-41 |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\WanaCrypt0r\wd |