WannaCry no kill switch 3rd wave

General (Technical, Procedural, Software, Hardware etc.)

Last Post by RolfGutmann 8 years ago

2 Posts

1 Users

0 Reactions

606 Views

RSS

RolfGutmann

(@rolfgutmann)

Noble Member

Joined: 10 years ago

Posts: 1185

Topic starter 15/05/2017 12:29 am

You may laugh on me if you already knew, but maybe not

Patch XP, 7, 8, 8.1, 10 and SMB 2003 Server immediately to prevent from worm and ransomware WannaCry 3rd wave since friday. The actual version has no kill switch in the WORM, the ransomware is part two of WannaCry.

http//thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

So just patch your system.

Quote

RolfGutmann

(@rolfgutmann)

Noble Member

Joined: 10 years ago

Posts: 1185

Topic starter 15/05/2017 3:18 am

The Yara Rule Set you find here

https://github.com/Neo23x0/signature-base/blob/master/yara/crime_wannacry.yar

The Indicators Of Compromise (IOC) you find here

https://www.us-cert.gov/ncas/alerts/TA17-132A

If you are interested in CyberSec Threat Intel Sharing standards you can learn these terms

STIX Structured Threat Information Expression
TAXII Trusted Automated eXchange of Indicator Information
CybOX Cyber Observable eXpression

https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/
https://www.rsaconference.com/writable/presentations/file_upload/air-f01-stix-taxii-cisa-_impact-of-the-us-cybersecurity-information-sharing-act-of-2015.pdf

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
296 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed