WannaCry - New Variants Detected!
Contents
One new wave stopped today but the worst is yet to come
Read More: Part 1 - Part 2 - Part 3 - Part 4 @msuiche (Twitter)
UPDATE: Latest development (15 May): Attribution and links to Lazarus Group
UPDATE2: Decrypting files
As a follow-up article on WannaCry, I will give a short brief about the new variants found in the wild, not for experimentation but on infected machines today.
In short, one is a false positive some researchers uploaded to virustotal.com and the other is legit but we stopped it when I registered the new kill-switch domain name.
Update: At the time the tweet below was posted, the above stopped ~10K machines across 76 different countries from spreading the infection from the new variant.
On Friday 12 May 2017, MalwareTechBlog registered the first kill switch (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) that made it possible to slow down the infection rate of WannaCry ransomware. This is 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c.
Protecting the Internet one domain at a time - Second killswitch registered on Sunday 14 by myself.
Today (14 May …
IoC