{ "type": "bundle", "id": "bundle--d7eda39f-af96-4ca3-9037-aab5ba71dbd6", "spec_version": "2.0", "objects": [ { "modified": "2023-03-08T22:20:20.868Z", "name": "WannaCry", "description": "[WannaCry](https://attack.mitre.org/software/S0366) is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.(Citation: LogRhythm WannaCry)(Citation: US-CERT WannaCry 2017)(Citation: Washington Post WannaCry 2017)(Citation: FireEye WannaCry 2017)", "x_mitre_platforms": [ "Windows" ], "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack", "ics-attack" ], "x_mitre_version": "1.1", "x_mitre_contributors": [ "Jan Miller, CrowdStrike" ], "x_mitre_aliases": [ "WannaCry", "WanaCry", "WanaCrypt", "WanaCrypt0r", "WCry" ], "type": "malware", "id": "malware--75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661", "created": "2019-03-25T17:30:17.004Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0366", "external_id": "S0366" }, { "source_name": "WanaCrypt0r", "description": "(Citation: LogRhythm WannaCry)" }, { "source_name": "WCry", "description": "(Citation: LogRhythm WannaCry)(Citation: SecureWorks WannaCry Analysis)" }, { "source_name": "WanaCry", "description": "(Citation: SecureWorks WannaCry Analysis)" }, { "source_name": "WanaCrypt", "description": "(Citation: SecureWorks WannaCry Analysis)" }, { "source_name": "FireEye WannaCry 2017", "description": "Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.", "url": "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html" }, { "source_name": "SecureWorks WannaCry Analysis", "description": "Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.", "url": "https://www.secureworks.com/research/wcry-ransomware-analysis" }, { "source_name": "Washington Post WannaCry 2017", "description": "Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.", "url": "https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4" }, { "source_name": "LogRhythm WannaCry", "description": "Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.", "url": "https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/" }, { "source_name": "US-CERT WannaCry 2017", "description": "US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.", "url": "https://www.us-cert.gov/ncas/alerts/TA17-132A" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "labels": [ "malware" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }