Malware: WannaCry

Description

[WannaCry](https://attack.mitre.org/software/S0366) is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.(Citation: LogRhythm WannaCry)(Citation: US-CERT WannaCry 2017)(Citation: Washington Post WannaCry 2017)(Citation: FireEye WannaCry 2017)

External References

• mitre-attack
• FireEye WannaCry 2017
• SecureWorks WannaCry Analysis
• Washington Post WannaCry 2017
• LogRhythm WannaCry
• US-CERT WannaCry 2017

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1018 — Remote System Discovery
• T1047 — Windows Management Instrumentation
• T1083 — File and Directory Discovery
• T1090.003 — Multi-hop Proxy
• T1120 — Peripheral Device Discovery
• T1210 — Exploitation of Remote Services
• T1222.001 — Windows File and Directory Permissions Modification
• T1486 — Data Encrypted for Impact
• T1489 — Service Stop
• T1490 — Inhibit System Recovery
• T1543.003 — Windows Service
• T1563.002 — RDP Hijacking
• T1564.001 — Hidden Files and Directories
• T1570 — Lateral Tool Transfer
• T1573.002 — Asymmetric Cryptography

APT Groups Using This Malware

• Lazarus Group