WannaCry no kill sw...
 
Notifications
Clear all

WannaCry no kill switch 3rd wave

2 Posts
1 Users
0 Likes
419 Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

You may laugh on me if you already knew, but maybe not

Patch XP, 7, 8, 8.1, 10 and SMB 2003 Server immediately to prevent from worm and ransomware WannaCry 3rd wave since friday. The actual version has no kill switch in the WORM, the ransomware is part two of WannaCry.

http//thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

So just patch your system.

 
Posted : 14/05/2017 11:29 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

The Yara Rule Set you find here

https://github.com/Neo23x0/signature-base/blob/master/yara/crime_wannacry.yar

The Indicators Of Compromise (IOC) you find here

https://www.us-cert.gov/ncas/alerts/TA17-132A

If you are interested in CyberSec Threat Intel Sharing standards you can learn these terms

STIX Structured Threat Information Expression
TAXII Trusted Automated eXchange of Indicator Information
CybOX Cyber Observable eXpression

https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/
https://www.rsaconference.com/writable/presentations/file_upload/air-f01-stix-taxii-cisa-_impact-of-the-us-cybersecurity-information-sharing-act-of-2015.pdf

 
Posted : 15/05/2017 2:18 am
Share: