Indicators Associated With WannaCry Ransomware
Indicators
IOCs associated with WannaCry Ransomware activity.
//node() | //@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
2017-05-19T01:50:19+00:00
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
qeriuwjhrf
3514368
MD5
3175E4BA26E1E75E52935009A526002C
SHA1
5D68E2779E2CCCEE49188363BE6CDDBB0BAC7053
SHA256
7E369022DA51937781B3EFE6C57F824F05CF43CBD66B4A24367A19488D2939E4
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
mssecsvc.exe
3723264
MD5
31DAB68B11824153B4C975399DF0354F
SHA1
14249E7FB3FB6F4B363C47D5AAE9F46DAB2083C1
SHA256
9B60C622546DC45CCA64DF935B71C26DCF4886D6FA811944DBC4E23DB9335640
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
cliconfg.exe
20480
MD5
4FEF5E34143E646DBF9907C4374276F5
SHA1
47A9AD4125B6BD7C55E4E7DA251E23F089407B8F
SHA256
4A468603FDCB7A2EB5770705898CF9EF37AADE532A7964642ECD705A74794B79
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
diskpart.exe
3514368
MD5
509C41EC97BB81B0567B059AA2F50FE8
SHA1
87420A2791D18DAD3F18BE436045280A4CC16FC4
SHA256
09A46B3E1BE080745A6D8D88D6B5BD351B1C7586AE0DC94D0C238EE36421CAFA
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
lhdfrgui.exe
3723264
MD5
5BEF35496FCBDBE841C82F4D1AB8B7C2
SHA1
50049556B3406E07347411767D6D01A704B6FEE6
SHA256
4186675CB6706F9D51167FB0F14CD3F8FCFB0065093F62B10A15F7D9A6C8D982
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
N/A
3723264
MD5
638F9235D038A0A001D5EA7F5C5DC4AE
SHA1
AF7DB69CBAA6AB3E4730AF8763AE4BF7B7C0C9B2
SHA256
5AD4EFD90DCDE01D26CC6F32F7CE3CE0B4D4951D4B94A19AA097341AFF2ACAEC
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
245760
MD5
775A0631FB8229B2AA3D7621427085AD
SHA1
8286354A6A051704DEC39993AF4E127D317F6974
SHA256
00FDB4C1C49AEF198F37B8061EB585B8F9A4D5E6C62251441831FE2F6A0A25B7
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
b9c5.bin
245760
MD5
7BF2B57F2A205768755C07F238FB32CC
SHA1
45356A9DD616ED7161A3B9192E2F318D0AB5AD10
SHA256
B9C5D4339809E0AD9A00D4D3DD26FDF44A32819A54ABF846BB9B560D81391C25
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
2584E1521065E45EC3C17767C065429038FC6291C091097EA8B22C8A502C41DD.dat
3514368
MD5
7F7CCAA16FB15EB1C7399D422F8363E8
SHA1
BD44D0AB543BF814D93B719C24E90D8DD7111234
SHA256
2584E1521065E45EC3C17767C065429038FC6291C091097EA8B22C8A502C41DD
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
waitfor.exe
20480
MD5
8495400F199AC77853C53B5A3F278F3E
SHA1
BE5D6279874DA315E3080B06083757AAD9B32C23
SHA256
2CA2D550E603D74DEDDA03156023135B38DA3630CB014E3D00B1263358C5F00D
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
tasksche.exe
3514368
MD5
84C82835A5D21BBCF75A61706D8AB549
SHA1
5FF465AFAABCBF0150D1A3AB2C2E74F3A4426467
SHA256
ED01EBFBC9EB5BBEA545AF4D01BF5F1071661840480439C6E5BABE8E080E41AA
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
diskpart.exe
3514368
MD5
86721E64FFBD69AA6944B9672BCABB6D
SHA1
8897C658C0373BE54EEAC23BBD4264687A141AE1
SHA256
C365DDAA345CFCAFF3D629505572A484CFF5221933D68E4A52130B8BB7BADAF9
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
8dd63adb68ef053e044a5a2f46e0d2cd.virus
237568
MD5
8DD63ADB68EF053E044A5A2F46E0D2CD
SHA1
1BC604573CEAB106E5A0E9C419ADE38739228707
SHA256
201F42080E1C989774D05D5B127A8CD4B4781F1956B78DF7C01112436C89B2C9
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
Message
237568
MD5
B0AD5902366F860F85B892867E5B1E87
SHA1
A52E025D579BEBAE7C64CB40236B469B3C376024
SHA256
CA29DE1DC8817868C93E54B09F557FE14E40083C0955294DF5BD91F52BA469C8
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
kbdlv (3.13)
189096
MD5
B675498639429B85AF9D70BE1E8A8782
SHA1
B8B49A36A52ABCF537FEBCBF2D09497BEE79987D
SHA256
7108D6793A003695EE8107401CFB17AF305FA82FF6C16B7A5DB45F15E5C9E12D
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
ransomware07_no_detection.exe
3514368
MD5
D6114BA5F10AD67A4131AB72531F02DA
SHA1
A1818054B40EC9E28BEBE518ECC92F4ECEAFFEF4
SHA256
7C465EA7BCCCF4F94147ADD808F24629644BE11C0BA4823F16E8C19E0090F0FF
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
mssecsvc.exe
3723264
MD5
DB349B97C37D22F5EA1D1841E3C89EB4
SHA1
E889544AFF85FFAF8B0D0DA705105DEE7C97FE26
SHA256
24D004A104D4D54034DBCFFC2A4B19A11F39008A575AA614EA04703480B1022C
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
Message
237568
MD5
E372D07207B4DA75B3434584CD9F3450
SHA1
F3839C1CDE9CE18021194573FDF0CAE09A62172F
SHA256
4B76E54DE0243274F97430B26624C44694FBDE3289ED81A160E0754AB9F56F32
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
mssecsvc.exe
3723264
MD5
F107A717F76F4F910AE9CB4DC5290594
SHA1
51E4307093F8CA8854359C0AC882DDCA427A813C
SHA256
F8812F1DEB8001F3B7672B6FC85640ECB123BC2304B563728E6235CCBE782D85
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
taskhcst.eee
237568
MD5
F529F4556A5126BBA499C26D67892240
SHA1
FB18818FC383330B401FC5B332CC63A5BBD4CD30
SHA256
DFF26A9A44BAA3CE109B8DF41AE0A301D9E4A28AD7BD7721BBB7CCD137BFD696
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
WCry_WannaCry_ransomware.exe
4497408
MD5
4DA1F312A214C07143ABEEAFB695D904
SHA1
B629F072C9241FD2451F1CBCA2290197E72A8F5E
SHA256
AEE20F9188A5C3954623583C6B0E6623EC90D5CD3FDEC4E1001646E27664002C
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
SHA256
2372862AFAA8E8720BC46F93CB27A9B12646A7CBC952CC732B8F5DF7AEBB2450
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
SHA256
43D1EF55C9D33472A5532DE5BBE814FEFA5205297653201C30FDC91B8F21A0ED
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
SHA256
49FA2E0131340DA29C564D25779C0CAFB550DA549FAE65880A6B22D45EA2067F
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on US-CERT analysis, this hash may be associated with WannaCry Ransomware activity.
SHA256
616E60F031B6E7C4F99C216D120E8B38763B3FAFD9AC4387ED0533B15DF23420
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
SHA256
49FA2E0131340DA29C564D25779C0CAFB550DA549FAE65880A6B22D45EA2067F
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
SHA256
616E60F031B6E7C4F99C216D120E8B38763B3FAFD9AC4387ED0533B15DF23420
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
localfile~
3723264
MD5
DB349B97C37D22F5EA1D1841E3C89EB4
SHA1
E889544AFF85FFAF8B0D0DA705105DEE7C97FE26
SHA256
24D004A104D4D54034DBCFFC2A4B19A11F39008A575AA614EA04703480B1022C
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
taskhcst.exe
237568
MD5
3BC855BFADFEA71A445080BA72B26C1C
SHA1
BC978DB3D2DC20B1A305D294A504BB0CEB83F95A
SHA256
043E0D0D8B8CDA56851F5B853F244F677BD1FD50F869075EF7BA1110771F70C2
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
findstr
323584
MD5
B9B3965D1B218C63CD317AC33EDCB942
SHA1
02408BB6DC1F3605A7D3F9BAD687A858EC147896
SHA256
5D26835BE2CF4F08F2BEEFF301C06D05035D0A9EC3AFACC71DFF22813595C0B9
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
N/A
339968
MD5
808182340FB1B0B0B301C998E855A7C8
SHA1
4FDAE49BE25846CA53B5936A731CE79C673A8E1F
SHA256
76A3666CE9119295104BB69EE7AF3F2845D23F40BA48ACE7987F79B06312BBDF
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
dvdplay
229376
MD5
5C7FB0927DB37372DA25F270708103A2
SHA1
120ED9279D85CBFA56E5B7779FFA7162074F7A29
SHA256
BE22645C61949AD6A077373A7D6CD85E3FAE44315632F161ADC4C99D5A8E6844
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
Cmd.Exe
241664
MD5
66DDBD108B0C347550F18BB953E1831D
SHA1
432C1A5353BAB4DBA67EA620EA6C1A3095C5D4FA
SHA256
F7C7B5E4B051EA5BD0017803F40AF13BED224C4B0FD60B890B6784DF5BD63494
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
taskhcst.exe1
237568
MD5
B6DED2B8FE83BE35341936E34AA433E5
SHA1
64B8E679727E99A369A2BE3ED800F7B969D43AA8
SHA256
FC626FE1E0F4D77B34851A8C60CDD11172472DA3B9325BFE288AC8342F6C710A
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
diskpart.exe
3514368
MD5
509C41EC97BB81B0567B059AA2F50FE8
SHA1
87420A2791D18DAD3F18BE436045280A4CC16FC4
SHA256
09A46B3E1BE080745A6D8D88D6B5BD351B1C7586AE0DC94D0C238EE36421CAFA
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
WCry_WannaCry_ransomware.exe
4497408
MD5
4DA1F312A214C07143ABEEAFB695D904
SHA1
B629F072C9241FD2451F1CBCA2290197E72A8F5E
SHA256
AEE20F9188A5C3954623583C6B0E6623EC90D5CD3FDEC4E1001646E27664002C
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Malicious File Indicator
File Hash Watchlist
Based on trusted third party reporting, this hash may be associated with WannaCry Ransomware activity.
diskpart.exe
3514368
MD5
86721E64FFBD69AA6944B9672BCABB6D
SHA1
8897C658C0373BE54EEAC23BBD4264687A141AE1
SHA256
C365DDAA345CFCAFF3D629505572A484CFF5221933D68E4A52130B8BB7BADAF9
../../../descendant-or-self::node() | ../../../descendant-or-self::node()/@*
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.