
WannaCry: Ransomware attacks show strong links to Lazarus group

2017-05-22, Symantec
https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
#WannaCry

Contents

Tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus, the group that was responsible for the destructive attacks on Sony Pictures and the theft of US$81 million from the Bangladesh Central Bank. Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign. Our analysis only allows us to attribute these attacks to the Lazarus group. The technical details do not enable us to attribute the motivations of the attacks to a specific nation state or individuals.

Prior to the global outbreak on May 12, an earlier version of WannaCry (Ransom.Wannacry) was used in a small number of targeted attacks in February, March, and April. This earlier version was almost identical to the version used in May 2017, with the only difference being the method of propagation. Analysis of these early WannaCry attacks …

IoC
