WannaCry Ransomware Issue Analysis
2017-05-17 • Somansa • WannaCry ransomware issue analysis
https://www.somansa.com/wp-content/uploads/2017/05/20170517_secureport.pdf
Attachments
20170517_secureport.pdf (902 KB)
WannaCry is analyzed as ransomware that spread globally from 12 May 2017 by abusing Windows SMB vulnerabilities on unpatched systems. The infection chain includes malicious email or websites as initial delivery, then worm-like propagation across local and randomly generated IP ranges over SMB port 445. After execution, the mssecsvc.exe dropper checks a kill-switch domain, registers itself as the mssecsvc2.0 service, launches tasksche.exe, and supports both SMB exploitation and file encryption. The report identifies the MS17-010-related CVEs, affected Windows versions, ransomware components, hashes, ransom behavior, and defensive steps such as isolating infected hosts, blocking SMB ports, patching, updating security tools, and maintaining offline backups.
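The summary above names two host-level behaviours a defender can look for without any of the truncated indicators below: the dropper registering the mssecsvc2.0 service and launching tasksche.exe, and a single host fanning out to many addresses on TCP/445. The following detection logic is an added example, not code from the Somansa report; the log format, host names, addresses and the fan-out threshold are constructed assumptions for the demonstration.

```python
"""Detection of the WannaCry host behaviours described in the summary,
run over constructed log lines (not taken from the report).

Checked indicators:
  1. a service named "mssecsvc2.0" being installed, or the images
     mssecsvc.exe / tasksche.exe appearing as process or parent;
  2. one host opening TCP/445 to many distinct destinations, the
     worm-like propagation the summary describes.
The "<time> <host> <event> key=value ..." format is an assumption.
"""
import re
from collections import defaultdict

# Constructed sample lines: workstation ws-17 shows both indicators,
# ws-03 shows ordinary activity (one file-server connection, Spooler).
SAMPLE_LOGS = [
    "09:01:02 ws-17 service_install name=mssecsvc2.0 image=C:\\Windows\\mssecsvc.exe",
    "09:01:03 ws-17 process_create image=C:\\Windows\\tasksche.exe parent=mssecsvc.exe",
    "09:01:05 ws-17 net_connect dst=10.0.0.5 dport=445 proto=tcp",
    "09:01:05 ws-17 net_connect dst=10.0.0.6 dport=445 proto=tcp",
    "09:01:05 ws-17 net_connect dst=10.0.0.7 dport=445 proto=tcp",
    "09:01:06 ws-17 net_connect dst=10.0.0.8 dport=445 proto=tcp",
    "09:01:06 ws-17 net_connect dst=203.0.113.9 dport=445 proto=tcp",
    "09:02:10 ws-03 process_create image=C:\\Windows\\explorer.exe parent=userinit.exe",
    "09:02:11 ws-03 net_connect dst=10.0.0.1 dport=445 proto=tcp",
    "09:02:12 ws-03 net_connect dst=10.0.0.1 dport=445 proto=tcp",
    "09:02:13 ws-03 service_install name=Spooler image=C:\\Windows\\spoolsv.exe",
]

KNOWN_SERVICE = "mssecsvc2.0"                    # service name from the summary
KNOWN_IMAGES = {"mssecsvc.exe", "tasksche.exe"}   # dropper and payload names
LINE_RE = re.compile(r"^(?P<time>\S+) (?P<host>\S+) (?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"time": m["time"], "host": m["host"], "event": m["event"]}
    rec.update(KV_RE.findall(m["rest"]))
    return rec


def _basename(path):
    """Last path component, lower-cased, for Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_dropper_artifacts(lines):
    """Hosts with the service / process names from the summary.

    Returns {host: sorted list of matched reasons}.
    """
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "service_install" and rec.get("name", "").lower() == KNOWN_SERVICE:
            hits[rec["host"]].add("service:" + KNOWN_SERVICE)
        for key in ("image", "parent"):
            name = _basename(rec.get(key, ""))
            if name in KNOWN_IMAGES:
                hits[rec["host"]].add(f"{key}:{name}")
    return {host: sorted(reasons) for host, reasons in hits.items()}


def detect_smb_fanout(lines, min_distinct_dst=3):
    """Hosts connecting to at least min_distinct_dst distinct TCP/445 targets.

    Returns {host: number of distinct destinations}. The threshold is an
    assumption; tune it against a baseline of normal SMB usage.
    """
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] == "net_connect" and rec.get("dport") == "445":
            targets[rec["host"]].add(rec.get("dst"))
    return {h: len(d) for h, d in targets.items() if len(d) >= min_distinct_dst}


def triage(lines, min_distinct_dst=3):
    """Sorted list of hosts flagged by either indicator, for isolation first."""
    flagged = set(detect_dropper_artifacts(lines)) | set(detect_smb_fanout(lines, min_distinct_dst))
    return sorted(flagged)


if __name__ == "__main__":
    print("dropper artifacts:", detect_dropper_artifacts(SAMPLE_LOGS))
    print("SMB fan-out:", detect_smb_fanout(SAMPLE_LOGS))
    print("isolate first:", triage(SAMPLE_LOGS))
```

On the constructed sample, ws-17 is flagged by both checks and ws-03 by neither; in a real deployment the fan-out check is the one that survives renamed binaries, since the propagation over port 445 is what the report's "block SMB ports" advice targets.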
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 24d004a104d4d54034dbcffc2a4b19a… | 2017-05-12 | 2021-12-02 |
| HASH | ed01ebfbc9eb5bbea545af4d01bf5f1… | 2017-05-12 | 2021-12-02 |
| URL | http://www.iuqerfsodp9ifjaposdf… | 2017-05-16 | 2017-05-23 |