← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
WannaCry
WHITE NSO Group - Pegasus OctoSeek 2024-02-01 Modified: 2024-03-02
11691
IOCs
HIGH VOLUME
WannaCry ransomware explained. WannaCry is an example of crypto ransomware, a type of malicious software (malware) used by cybercriminals to extort money
contactedtsara brashearsurls urlfilespegasusdomainscellbritetargets sasurvivorapple iosexecutionlockbitmalwarecoreawfulhacktoolcryptoransomexxquasarasyncratbot networkloaderransomwarewannacrycryptorencodercompilerwin32 dllpe32intelms windowsms visualwin32 dynamiclink librarywin16 nepe32 compilervs98containedw englishinfo compilerproductsheader intelname md5typelanguageoverlayas133618unknowncnameunitedgermany unknownukraine unknownireland unknownvirgin islandsas47846as39084 rinetdateencryptnextmicrosoft visual c++ v6.0as133618 trellian pty. limiteddynamicloaderhight1063yara rulemediumspoofshigh securitysoftwarediscoveryattemptsaprildropperreads selfbotsconnectbotnetsabeylibelmenacingbrother sabeyas15169 googleaaaasearchname serversas29182 jscrussia unknownfounderror
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Trojan:Win32/WannaCry.350
Indicators of Compromise (67 / 11691 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain URL hostname FilePath CVE email
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 2f6c3a818b613429f51975e95ffc37b8 MD5 of 0001f1c24ca83ead3fa847198d3935d66de76fc2d9d3fb9b8245cbd7fa5bc247 2024-02-01
FileHash-MD5 567f82ed3e31ba5dc3fe2324533f5336 MD5 of 0024e50077f183f60d408cfbe776dc1e1a0469793ffb538007147dda55aaf677 2024-02-01
FileHash-MD5 df548040daf1ca181db8ba00dd175895 MD5 of 000361abbe97f10e37717557f0074523b51a1615d96053f01da04cdacf581ade 2024-02-01
FileHash-MD5 4631f452f7d82f8f6e90d4aef1de6dd6 MD5 of 000132f0480c29a1fab4aef700f0815a267b1e335c834654c239ca9208190733 2024-02-01
FileHash-MD5 ba3e762612d4bd22e2f31e96771676fb MD5 of 00006ce40a0c33fda4b8908a3acc95a7c6658edd51ca1f692d8b6e7c8cfb8c19 2024-02-01
FileHash-MD5 030eeb0af0ba09c2eaf1ccb1e27fff13 MD5 of 000127d103774b0e83a9c96a7a51cafe834ed0bec78450b3b86ef38e7cd02727 2024-02-01
FileHash-MD5 0361ed38d0bf32631d8a64a29ddddc5b MD5 of 0007869cca91c9d46a0ef17fca8deff347c89f1dbfff3e1f7c9cf4acea0ba88e 2024-02-01
FileHash-MD5 05fa7f7fec170618cc8bc74717822527 2024-02-01
FileHash-MD5 074bf50baafb01ed510f90a20315ab3b MD5 of 074b9e8e53a3afc1bd1704de94f3ac9b8f7e57bd6dacee130018e4c59f364ca5 2024-02-01
FileHash-MD5 0871f8d956e19b4183aa8f4ca1cb1a3e MD5 of 001e8c4394c42b4558588350da420c4226e21411905dbf13b9f323847e8be442 2024-02-01
FileHash-MD5 0a2e98ef91d0a5ffafd7a93813eb9c5a MD5 of 000294c708bdd9ddbfad3f527da950bbc9026cf4f7b19f2850b0ae97b09d5268 2024-02-01
FileHash-MD5 0a856c5281564ac0c8854cfbb7dccf4c MD5 of 003e025d2271c52c7f8fd86ccb3d03a652b145f5c7351f1b5791194180c4474a 2024-02-01
FileHash-MD5 0b6f55ad6506737d00b23470bd75c19e MD5 of 00028a6a8afdef1ae3703e818ba5e9b64245863f0d2dda34e3110e9b11c81212 2024-02-01
FileHash-MD5 132488085a95cb966accd9c499b275d6 MD5 of 019b752fbfbfeca83ca459bfd78b7db1d5755b26fb90477fedfd68dfa3f78c69 2024-02-01
FileHash-MD5 13de42ade67ab29fd07fd2b567faa530 MD5 of bb845f5f4858d488b601f0e0f4ac423d3f5a0a6ac81a455927245194752e9dc2 2024-02-01
FileHash-MD5 1bc9d475ddf9259bed0d0d0af7ad902a MD5 of 00b10b8a8337a046bb47fda25e33be1c9a9c4fcb7092402bc0ef5adcbbe02cd4 2024-02-01
FileHash-MD5 1df3c4c26d8830c946d10cfa79cb3ead MD5 of 00034d3f2cff0402bf6d6bff9f131071ae08cfdf964203493c4466969b6d4b78 2024-02-01
FileHash-MD5 2b3946ccc4aad78a4484a9bc78d2a75f MD5 of 24051d18e3365b917c740dc5ec61c6e7d195d0384f5712c6a00396564c403d2b 2024-02-01
FileHash-MD5 3be20f8b614703c1a0fe8c8b1e8caf17 MD5 of 000002f1558a89f29984934d511289491032f9e96a249c12f2f6d42678264114 2024-02-01
FileHash-MD5 3f9cde74db97712fcb7ab90ba8ef6087 MD5 of 00158a161d55d914a09c6398b1668df120ae9ca074afb50192e2b8a53269f2d5 2024-02-01
FileHash-MD5 4bbe26afe2f20b061346cc39c228e91d MD5 of 0001b8b90088e0a5759863e26cde14821526f66c707f6f9ca72fdd8aabde7ccf 2024-02-01
FileHash-MD5 615ce9581702cc648d0c3e36359ac73d MD5 of 0000bbe2b06bd5b8a235cbe831da507991657d2c3191d142acff6bbded794833 2024-02-01
FileHash-MD5 62d084d10adbd302a557407f163b2d98 MD5 of 00004f0d2525749eb41f911902b3fd96ad6803f3fd4c6dc0e2046dc37f8edefc 2024-02-01
FileHash-MD5 6f0f7bf5a6caed7dd1dcc4697f0b6c74 MD5 of 0b4d8191c0a314caf8139d320e785739abb8f08363fab7dc37ceb87870c6e65e 2024-02-01
FileHash-MD5 704e15aac4f6ff2801ffbc51f01fda6b MD5 of 000297737263264d5bab4be8f8abf0b28f718255efce9d021d10c6db71ce062b 2024-02-01
FileHash-MD5 7265719c94c5ffbcdbb5f71228d8ca68 MD5 of 0000028f80066ad99544cc7a79caa649ee72eca2711b1b1128df61ffd13b0657 2024-02-01
FileHash-MD5 75cd8b76b8abd07d40446d9ba0bd6356 MD5 of 000da465080fdbdcf74e9ae8fd3d3a65cc070875c2fd1b660eaa38f97fb50e75 2024-02-01
FileHash-MD5 76e55dd7d0c0815c9bfbe710084e4f9b MD5 of 0003710ce6e0ab5899cd2048f8ee507b7a38c823cdaa78ba1506be913e8754c9 2024-02-01
FileHash-MD5 7893c0ef3de2f09b8ff78bbcea054931 MD5 of 0001eb229175ef5690be7fa3bb5b8e701b9bbdd874324fa72a9d6ed5fe109401 2024-02-01
FileHash-MD5 79b4956b7ec478ec10244b5e2d33ac7d MD5 of 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 2024-02-01
FileHash-MD5 7a440fab590b8eed3cf945f96dbdd246 MD5 of 1877da8837462c05ab2466eac66cbc3966be3232cc1629590ef3705fbac442af 2024-02-01
FileHash-MD5 7b7c0422888ef10f8827ab6c185f99d1 MD5 of 00029e18d3be11250d0721f502bb761bf7a4574b791842ed76616397f5258df6 2024-02-01
FileHash-MD5 8336018303d8cbe26a003d8476e530c1 MD5 of 1baf3db733e3284eba8e6bb01e40d8b7fbd326c9e8930f99c0f99d93598443e9 2024-02-01
FileHash-MD5 8692ca84b76d38ec5c260265413e4ca2 MD5 of 000ce16aa593d3de6ee74dc23d0ef231a77383c7545990d32c47f038314d0051 2024-02-01
FileHash-MD5 8af33f2b26efed3ced9c9fe29e672049 MD5 of 0000aa64e646b3f4a13d692ec3dd7ea2c04c28a9c4b37ff3186bdbe45dec6f65 2024-02-01
FileHash-MD5 8e23180df7dba034624ba6d545f84a7d MD5 of 003e385a51f205b90f1bd1c60e4f2ea3c5dbb3866b17427fd1b82b59318708f3 2024-02-01
FileHash-MD5 9088029e38b2a393f22afd9e576ce86e MD5 of 3468e0c875db94a8f45d56ab76bbcc677b942ca51a23649ba3c5ad1b20e391f1 2024-02-01
FileHash-MD5 90f23947814a0f41ae1a977e543e90f7 MD5 of 00230806e176a9a4b6953824aae1f7d04dc5a57bf8f31a08531f07d5abffc81c 2024-02-01
FileHash-MD5 92cbd369cd61fa8dde43dfd91235def2 MD5 of 000008f6750082ab37f16c85edba1de6e8cb43a97feb0499b93a81c77a7bfdfc 2024-02-01
FileHash-MD5 967d74efec5cac2482c23ba60c6d8be1 MD5 of 0000cf372566d5c25954f185a35569771fab74c56bb6545ada9038cd3ba73de0 2024-02-01
FileHash-MD5 a9e30b1fb713811268ed6d19f861a9a0 MD5 of c2296e84f8006015a4c8de90ca33a2dafe61d6fd8a9a250dc3f3323fa71496a5 2024-02-01
FileHash-MD5 b2f4f83ec98c683201488ce143fc3cf1 MD5 of 07bd21e95bd2447ef02df1a56852a4e691a592a03151f1a099c1208fccb08abb 2024-02-01
FileHash-MD5 b76c00d7e47405339902ab9d03ffa4fb MD5 of 0001b78815d60f92fbb8c7d623be77f68fd9f848cd54567f2845f9e87ce3f9fc 2024-02-01
FileHash-MD5 ba399445e9c39799ad42db033b071199 MD5 of 01a96f44191d8eb10c8ed7fcbe1e626860af0d350d85974a033f753f669f7911 2024-02-01
FileHash-MD5 bb98d25778a8266e205dd320145811cb MD5 of 00000b8805181ec473d0283209920ad2bd4c6c099b6894581ac94aa1bc20fdec 2024-02-01
FileHash-MD5 bc853d75d8a0546ce92c1ec26b8fa876 MD5 of 3189f64435b8f61a9b6fe91c38551a5a574eefb6fc186bed75c9947b1f487ca4 2024-02-01
FileHash-MD5 be351172245a118d301ef34175cb825a MD5 of 00000ae84c4f1f2332ef155130b4b8d65f1ed972a9cd851fe9e85f236f8cfa32 2024-02-01
FileHash-MD5 c0306554fda888e1006cf60b31dddd8c MD5 of 00133805d692da064e8e47b1d06298998764c5284606bbcd79ef753ca68cac41 2024-02-01
FileHash-MD5 c1a99e3bde9bad27e463c32b96311312 MD5 of 671425187f3ec0da502d2e6b760de93661c1cf5381f81d21c64c6015fbcde2b3 2024-02-01
FileHash-MD5 c8752f507a4685be680d899a56fb3bf1 MD5 of 00002c16fbbc9a7bae8e379d6b91738aac993e908c92a765e12c1d424f74e5ca 2024-02-01
FileHash-MD5 c96a7c16dba7b75f2c90dbbba873bb41 MD5 of 00000eeca7589605cbf6372293444d14a49129a520a91a9d6889ebd0613445aa 2024-02-01
FileHash-MD5 e3479bd794cb364d4c2b6d175e453e42 MD5 of 000023276a724ec32da7cd0d2c828b1397f18b74d54a05d1afacf6255441014a 2024-02-01
FileHash-MD5 e63dc29b24934b64f077291d2eba75f2 MD5 of 0001c1409b360fc8e1b6933d20c7bfa42e1f5d7bc1593a5057a96930e0b53488 2024-02-01
FileHash-MD5 e971756a31be4b6c7de00d27dad930e6 MD5 of 000f4b1411746909f5a37b7104436144cdaf91c3fe1a8281361a7661dd2e4e3b 2024-02-01
FileHash-MD5 edbe14cfa95b34cb7de70f5656fa34c8 MD5 of 33c2f0f2c82f55eccdc5272a88763869e303066b2e5e40c47b25b2d58edf7cda 2024-02-01
FileHash-MD5 f07f19c2b3981a230126641fbe16b741 MD5 of 0002550f83c2429e58ad5cbc10c582a57b6c1fcff0779e79d5c32891091d6bc9 2024-02-01
FileHash-MD5 f57828d44a49b434e879b81c69e4c36f MD5 of 3ded916797bdcb7380459cde145b8471644b5f523d14fa9039ab178d19752821 2024-02-01
FileHash-MD5 ffdd5bd0df7a55ca9f0c2651213e4bb1 MD5 of 12f23f671492bafa574f927b04df701aa60ce6360d8d7c1627e58a35c3095a19 2024-02-01
FileHash-MD5 2e5708ae5fed0403e8117c645fb23e5b 2024-02-01
FileHash-MD5 4949dadf1b06f4f569906fda4710f8e4 2024-02-01
FileHash-MD5 3dd394f95ab218593f2bc8eb65184db4 2024-02-01
FileHash-MD5 8de9a2cb31e4c74bd008b871d14bfafc 2024-02-01
FileHash-MD5 8e2fda1c2dc4e17211455bb728671789 2024-02-01
FileHash-MD5 fe5022c5b5d015ad38b2b77fc437a5cb 2024-02-01
FileHash-MD5 5db181464b246ca264379022dd41a24c MD5 of 2ec49b383fbc2da9d8953ced39772e8659adf9cf 2024-02-01
FileHash-MD5 79b68a12e4eb6aa0c59dd1289006924f 2024-02-01
FileHash-MD5 3828b028db181e0fcec399b3a2215977 2024-02-01
References (23)
↗ https://www.instagram.com/unipegasus_infotech_solutions/?hl=en (dang) ↗ cellebrite.com | enterprise.cellebrite.com ↗ http://pegasus.diskel.co.uk/ | china.pegasus-idc.com | imap.pegasustech.ne ↗ deviceinbox.com ↗ 671425187f3ec0da502d2e6b760de93661c1cf5381f81d21c64c6015fbcde2b3 ↗ c1a99e3bde9bad27e463c32b96311312.virus ↗ CS Yara rule:WannaCry_Ransomware from ruleset crime_wannacry by Florian Roth (Nextron Systems) (with the help of binar.ly) ↗ CS Yara rule:SUSP_Imphash_Mar23_2 from ruleset gen_imphash_detection by Arnim Rupp (https://github.com/ruppde) ↗ CS IDS rule: (icmp4) ICMP destination unreachable communication administratively prohibited ↗ CS IDS rule: (port_scan) TCP filtered portsweep ↗ CS IDS rule: (stream_tcp) data sent on stream after TCP reset received ↗ CS IDS rule: ET DROP Spamhaus DROP Listed Traffic Inbound group 14 ↗ CS Sigma Rule: Creation of an Executable by an Executable by frack113 ↗ Trojan:Win32/WannaCry.350 ↗ https://www.sweetheartvideo.com/tsara-brashears/ [Bot Network] ↗ angebot.staude.de ↗ https://otx.alienvault.com/indicator/file/1b7a83a7a35418afa60e88eabcb9fd5a8689700bba20dadb5fbad4e197ce1f1e ↗ https://cura360.com/foldawheel-phoenix-fully-powered-standing-wheelchair?utm_source=google&utm_medium=PLA&gad_source=1&gclid=EAIaIQobChMIw92wtdnigwMVhV9HAR126wDrEAQYASABEgJ_aPD_BwE ↗ https://www.anyxxxtube.net/search-porn/tsara-brashears/ ↗ https://www.sweetheartvideo.com/tsara-brashears/ ↗ https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian ↗ https://pin.it/ [Pinterest BotNetwork for Pegasus] ↗ http://joshuajenkinslaw.com/uploads/1/3/0/6/130639888/xetetorobezaj.pdf [redirect] http://joshuajenkinslaw.com/uploads/1/3/0/6/130639888/