WannaCry

Associated Software Descriptions

Name | Description |
---|---|
WanaCry | (Citation: SecureWorks WannaCry Analysis) |
WanaCrypt | (Citation: SecureWorks WannaCry Analysis) |
WanaCrypt0r | (Citation: LogRhythm WannaCry) |
WCry | (Citation: LogRhythm WannaCry)(Citation: SecureWorks WannaCry Analysis) |

Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1543.003 | Create or Modify System Process: Windows Service | WannaCry creates the service "mssecsvc2.0" with the display name "Microsoft Security Center (2.0) Service."(Citation: LogRhythm WannaCry)(Citation: FireEye WannaCry 2017) |
Enterprise | T1573.002 | Encrypted Channel: Asymmetric Cryptography | WannaCry uses Tor for command and control traffic and routes a custom cryptographic protocol over the Tor circuit.(Citation: SecureWorks WannaCry Analysis) |
Enterprise | T1222.001 | File and Directory Permissions Modification: Windows File and Directory Permissions Modification | WannaCry uses |
Enterprise | T1564.001 | Hide Artifacts: Hidden Files and Directories | WannaCry uses |
Enterprise | T1090.003 | Proxy: Multi-hop Proxy | WannaCry uses Tor for command and control traffic.(Citation: SecureWorks WannaCry Analysis) |
Enterprise | T1563.002 | Remote Service Session Hijacking: RDP Hijacking | WannaCry enumerates current remote desktop sessions and tries to execute the malware on each session.(Citation: LogRhythm WannaCry) |

Groups That Use This Software

ID | Name | References |
---|---|---|
G0032 | Lazarus Group | (Citation: FireEye APT38 Oct 2018) (Citation: LogRhythm WannaCry) (Citation: FireEye WannaCry 2017) (Citation: SecureWorks WannaCry Analysis) |

References
- Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.
- US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.
- Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.
- Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.
- Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.
- FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.