Sample Analysis | 绿盟科技技术博客

Analysis Report on the WannaCry Sample

2017-05-17郝秀文Attack Location, Detection Method, EnglishVersion, Main Functions, NSFOCUS, NSFOCUS Detection Services, Sample Analysis, WannaCry Sample

The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks.

Operation Ghoul Attacks Technical Analysis and Solution

On June 8 and June 27, 2016, Kaspersky Lab discovered a new wave of targeted attacks in multiple regions around the world. The attacker sent spear phishing emails to entice victims to execute malware in these emails for the purpose of obtaining key business data from the target network.