EternalBlue & DoublePulsar – NSA Equation Group Breakdown


WANNACRY Overview: May 12th marked one of the largest cyber-security breaches in history. Since the onset of a ransomware strain titled ‘WannaCry’, several variants have been re-engineered and introduced into the wild. Our crew of Threat Intelligence Researchers, Incident Response Team, and Security Operations Center personnel have diagnosed of […]

WannaCry Malware Sample Analysis


Overview: The sample uses the ETERNALBLUE SMB vulnerability or the DOUBLEPULSAR backdoor to propagate and infect hosts with the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain […]