Seems like an older sample of Bravonc, used to spread WannaCry in this instance. Good write-up here: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group …
There's this sample: https://www.virustotal.com/en/file/f7ac79028005596e76ba9b2e1b9b777b3e1a649d927572214fdd3ddaea2ec120/analysis/1522195341/ …
Some vendors, including @kaspersky, detects as WannaCry.
@WDSecurity and @symantec detects as Bravonc.
Seen yesterday.
Coincidence that it was seen on same day as Boeing case, or could be related?
@BleepinComputer @demonslay335pic.twitter.com/NuwSZkj1w3
-
-
-
Yes, it carries WannaCry. But it's not even the latest version... And interesting that the wallet address inside it got transactions even in past December...
pic.twitter.com/sdFRegrjQr
- Show replies
New conversation -
-
-
Maybe the code similarity analysis of this can help to shed some light: https://analyze.intezer.com/#/analyses/2f3e0560-ec96-4c99-8a11-4fb08e14d55d … Click inside to see diffs to the specific variants for each family
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.