mtrapp at April 16, 2018 This is an interesting video that outlines foundational steps towards analyzing any malicious anomaly. For this particular instance, it would have been beneficial to analyze how WANNACRY exploited the Microsoft SMB vulnerability. Specifically, the orator never mentioned anything about vulnerability or SMB system calls.
rjvander at April 29, 2018 Incredibly useful analysis for determining indicators of compromise. All of the analysis was done once the malware was already present on the system, so I would think that determining how the malware was originally delivered would also help administrators block the malware from their respective systems.
osufitchi at May 01, 2018 This was my first time actually seeing WannaCry in action and not just hearing about it. I was surprised to see how much "support" the hacker is willing to provide the victim: a contact button, a button to teach about bitcoin, a button to teach how to pay it... I guess it makes sense. The users who are likely to click on bad links are also more likely to be less than tech-savvy.
jcolem21 at May 03, 2018 This is a very well constructed video. The analysis and explanation were done well. Does this variant operate similarly to CryptoWall other than the standalone features and better Tor integration, or does it have additional payload to traverse the network and further penetrate (I have seen several variants that will not only hit mapped drives but also scan the network for accessible shares to further the number of affected files)? Is there evidence that the virus is looking to spread via SMB 1.0 packet exploits like most "experts" are claiming? I didn't notice any scans in the Wireshark log looking for vulnerable systems?
djoseph4 at May 04, 2018 This analysis is really useful and it did a good job of explaining all the different things the malware does. It's crazy how complex it is, and I would be intrigued to see if and how a system can be cleaned up once it has been infected. It was really cool to see it in action.