[Emerging-Sigs] Ransomware WannaCry 2.0

Darien Huss dhuss at emergingthreats.net
Fri May 12 11:16:10 EDT 2017


2024218 covers what appears to be attempts to spread.

Regards,
Darien

On Fri, May 12, 2017 at 11:06 AM, James Lay <jlay at slave-tothe-box.net>
wrote:

> SMB :(
>
> https://translate.google.com/translate?sl=auto&tl=en&js=y&
> prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fwww.ccn-cert.
> cni.es%2Fseguridad-al-dia%2Fcomunicados-ccn-cert%2F4464-
> ataque-masivo-de-ransomware-que-afecta-a-un-elevado-
> numero-de-organizaciones-espanolas.html&edit-text=
>
> https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
>
> James
>
> On 2017-05-12 09:05, Kevin Ross wrote:
>
> Hi, does anyone know how this is spreading? I am hearing reports from
> others in my service sector and I am fearing it is a worm. Thanks
>
> On 12 May 2017 3:24 p.m., "Kevin Ross" <kevross33 at googlemail.com>
> wrote:
>
> Hi,
>
> No CnC that i can see although there is payment domains if anyone
> wants to focus in on those for detection but has a bigger impact
> than Jaff apparently. Analysed MD5 84c82835a5d21bbcf75a61706d8ab549
>
> https://www.bleepingcomputer.com/news/security/telefonica-
> tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/
>
> [1]
>
> Kind regards,
> Kevin
>
>
>
> Links:
> ------
> [1]
> https://www.bleepingcomputer.com/news/security/telefonica-
> tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20170512/9b21e15a/attachment.html>


More information about the Emerging-sigs mailing list