test_scratch
/
cti-ATT-CK-v13.1
/ics-attack
/malware
/malware--75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661.json
{ | |
"type": "bundle", | |
"id": "bundle--d7eda39f-af96-4ca3-9037-aab5ba71dbd6", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-03-08T22:20:20.868Z", | |
"name": "WannaCry", | |
"description": "[WannaCry](https://attack.mitre.org/software/S0366) is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.(Citation: LogRhythm WannaCry)(Citation: US-CERT WannaCry 2017)(Citation: Washington Post WannaCry 2017)(Citation: FireEye WannaCry 2017)", | |
"x_mitre_platforms": [ | |
"Windows" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_domains": [ | |
"enterprise-attack", | |
"ics-attack" | |
], | |
"x_mitre_version": "1.1", | |
"x_mitre_contributors": [ | |
"Jan Miller, CrowdStrike" | |
], | |
"x_mitre_aliases": [ | |
"WannaCry", | |
"WanaCry", | |
"WanaCrypt", | |
"WanaCrypt0r", | |
"WCry" | |
], | |
"type": "malware", | |
"id": "malware--75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661", | |
"created": "2019-03-25T17:30:17.004Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/software/S0366", | |
"external_id": "S0366" | |
}, | |
{ | |
"source_name": "WanaCrypt0r", | |
"description": "(Citation: LogRhythm WannaCry)" | |
}, | |
{ | |
"source_name": "WCry", | |
"description": "(Citation: LogRhythm WannaCry)(Citation: SecureWorks WannaCry Analysis)" | |
}, | |
{ | |
"source_name": "WanaCry", | |
"description": "(Citation: SecureWorks WannaCry Analysis)" | |
}, | |
{ | |
"source_name": "WanaCrypt", | |
"description": "(Citation: SecureWorks WannaCry Analysis)" | |
}, | |
{ | |
"source_name": "FireEye WannaCry 2017", | |
"description": "Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.", | |
"url": "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html" | |
}, | |
{ | |
"source_name": "SecureWorks WannaCry Analysis", | |
"description": "Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.", | |
"url": "https://www.secureworks.com/research/wcry-ransomware-analysis" | |
}, | |
{ | |
"source_name": "Washington Post WannaCry 2017", | |
"description": "Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.", | |
"url": "https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4" | |
}, | |
{ | |
"source_name": "LogRhythm WannaCry", | |
"description": "Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.", | |
"url": "https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/" | |
}, | |
{ | |
"source_name": "US-CERT WannaCry 2017", | |
"description": "US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.", | |
"url": "https://www.us-cert.gov/ncas/alerts/TA17-132A" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"labels": [ | |
"malware" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |