Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-29 02:12:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
a4924b8159
cyber_threat_intelligence/actors/WannaCry
History
Marc Ruef a4924b8159 Update August 2023
2023-08-01 08:06:09 +02:00
..
README.md Update August 2023 2023-08-01 08:06:09 +02:00

README.md

WannaCry - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as WannaCry. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.wannacry

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with WannaCry:

There are 13 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of WannaCry.

ID IP address Hostname Campaign Confidence
1 2.3.69.209 lfbn-cle-1-223-209.w2-3.abo.wanadoo.fr - High
2 5.35.251.247 rs209896.rs.hosteurope.de - High
3 23.254.167.231 hwsrv-985873.hostwindsdns.com - High
4 38.229.72.16 - - High
5 46.101.166.19 - - High
6 50.7.161.218 - - High
7 62.210.124.124 leavenged.best - High
8 ... ... ... ...

There are 27 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by WannaCry. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-25, CWE-425 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80, CWE-85 Cross Site Scripting High
6 T1068 CWE-264, CWE-269, CWE-284 J2EE Misconfiguration: Weak Access Permissions for EJB Methods High
7 ... ... ... ...

There are 22 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by WannaCry. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File //proc/kcore Medium
2 File /about.php Medium
3 File /acms/admin/?page=transactions/manage_transaction High
4 File /action/import_https_cert_file/ High
5 File /addnews.html High
6 File /admin/?page=inmates/view_inmate High
7 File /admin/?page=system_info High
8 File /admin/?page=system_info/contact_info High
9 File /admin/addemployee.php High
10 File /admin/add_exercises.php High
11 File /admin/attendance_row.php High
12 File /admin/categories/manage_category.php High
13 File /admin/categories/view_category.php High
14 File /admin/del.php High
15 File /admin/edit.php High
16 File /admin/edit_subject.php High
17 File /admin/employee_row.php High
18 File /admin/folderrollpicture/list High
19 File /admin/lab.php High
20 File /Admin/login.php High
21 File /admin/maintenance/brand.php High
22 File /admin/maintenance/view_designation.php High
23 File /admin/mechanics/manage_mechanic.php High
24 File /admin/new-content High
25 File /admin/reportupload.aspx High
26 File /admin/service.php High
27 File /admin/sign/out High
28 File /admin/siteoptions.php&action=displaygoal&value=1&roleid=1 High
29 File /admin/transactions/track_shipment.php High
30 File /admin/usermanagement.php High
31 File /admin/video/list High
32 File /api/plugin/uninstall High
33 File /aqpg/users/login.php High
34 File /bcms/admin/?page=reports/daily_court_rental_report High
35 File /bcms/admin/?page=user/list High
36 File /bin/httpd Medium
37 File /blog Low
38 File /blog/edit Medium
39 File /car-rental-management-system/admin/manage_user.php High
40 File /cardo/api Medium
41 File /cdsms/classes/Master.php?f=delete_enrollment High
42 File /cgi-bin/login.cgi High
43 File /cgi-bin/touchlist_sync.cgi High
44 File /change-language/de_DE High
45 File /ci_spms/admin/category High
46 File /classes/Master.php?f=delete_account High
47 File /classes/Master.php?f=save_item High
48 File /classes/Users.php?f=save High
49 File /company/down_resume/total/nature High
50 File /ctpms/admin/?page=applications/view_application High
51 File /ctpms/admin/individuals/update_status.php High
52 File /cwms/admin/?page=articles/view_article/ High
53 File /cwms/classes/Master.php?f=save_contact High
54 File /dashboard/add-blog.php High
55 File /dashboard/add-portfolio.php High
56 File /dashboard/settings High
57 File /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language High
58 File /etc/passwd Medium
59 File /forum/away.php High
60 File /goform/aspForm High
61 File /goform/RgDdns High
62 File /goform/RgDhcp High
63 File /goform/RGFirewallEL High
64 File /goform/RgTime High
65 ... ... ...

There are 570 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!