A summary of the WannaCry ransomware infection cases that occurred around the world
2017-05-13 • piyokango
Piyolog's WannaCry roundup tracks the May 2017 global ransomware outbreak and Japanese impact rather than a single DPRK-specific intrusion report. It links the worm's spread to MS17-010, CVE-2017-0145, and ETERNALBLUE, notes emergency Microsoft patches for unsupported Windows versions, and records reports ranging from more than 200,000 infections in at least 150 countries to multiple Japanese cases. The preserved technical section says WannaCry scanned LAN and internet hosts for vulnerable Windows machines, threatened to double the ransom after three days and delete files after seven, and listed three Bitcoin wallets with about 35.95 BTC by May 16. It also records kill-switch domains, onion C2 addresses, broad encrypted file extensions, and mitigations such as applying MS17-010 and checking for DoublePulsar.
Indicators of Compromise