May 17th, 2017
  1. WannaCry Sample IOCs:
  2.  
  3. Referenced in https://youtu.be/d_j8UUQbJsc
  4.  
  5. Sample Metadata
  6. ===============
  7. MD5: 84c82835a5d21bbcf75a61706d8ab549
  8. SHA1: 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
  9. ssdeep: 98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
  10. .text MD5: 920e964050a1a5dd60dd00083fd541a2
  11. .rdata MD5: 2c42611802d585e6eed68595876d1a15
  12. .data MD5: 83506e37bd8b50cacabd480f8eb3849b
  13. .rsrc MD5: f99ce7dc94308f0a149a19e022e4c316
  14.  
  15. Bitcoin Wallet:
  16. ===============
  17. 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
  18.  
  19. File System Indicators:
  20. =======================
  21. %UserProfile%\Desktop\taskdl.exe [MD5: 4fef5e34143e646dbf9907c4374276f5]
  22. %UserProfile%\Desktop\taskse.exe [MD5: 8495400f199ac77853c53b5a3f278f3e]
  23. %UserProfile%\Desktop\b.wnry [MD5: c17170262312f3be7027bc2ca825bf0c]
  24. %UserProfile%\Desktop\c.wnry [MD5: 6395e8b6865c296d756a8d30bd6924e7]
  25. %UserProfile%\Desktop\r.wnry [MD5: 3e0020fc529b1c2a061016dd2469ba96]
  26. %UserProfile%\Desktop\s.wnry [MD5: ad4c9de7c8c40813f200ba1c2fa33083]
  27. %UserProfile%\Desktop\t.wnry [MD5: 5dcaac857e695a65f5c3ef1441a73a8f]
  28. %UserProfile%\Desktop\u.wnry [MD5: 7bf2b57f2a205768755c07f238fb32cc]
  29. %UserProfile%\Desktop\00000000.pky [MD5: e14fd58eacc813d4f19f09ad03a06bfb]
  30. %UserProfile%\Desktop\00000000.eky [MD5: 95f55e7994eaea478f68f4c6b8fc3f40]
  31. %UserProfile%\Desktop\00000000.res [MD5: 296531a0a234e73bb7beb6893e99f1af]
  32. %UserProfile%\Desktop\@WanaDecryptor@.exe [MD5: 7bf2b57f2a205768755c07f238fb32cc]
  33. %UserProfile%\Desktop\msg\m_bulgarian.wnry [MD5: 95673b0f968c0f55b32204361940d184]
  34. %UserProfile%\Desktop\msg\m_chinese (simplified).wnry [MD5: 0252d45ca21c8e43c9742285c48e91ad]
  35. %UserProfile%\Desktop\msg\m_chinese (traditional).wnry [MD5: 2efc3690d67cd073a9406a25005f7cea]
  36. %UserProfile%\Desktop\msg\m_croatian.wnry [MD5: 17194003fa70ce477326ce2f6deeb270]
  37. %UserProfile%\Desktop\msg\m_czech.wnry [MD5: 537efeecdfa94cc421e58fd82a58ba9e]
  38. %UserProfile%\Desktop\msg\m_danish.wnry [MD5: 2c5a3b81d5c4715b7bea01033367fcb5]
  39. %UserProfile%\Desktop\msg\m_dutch.wnry [MD5: 7a8d499407c6a647c03c4471a67eaad7]
  40. %UserProfile%\Desktop\msg\m_english.wnry [MD5: fe68c2dc0d2419b38f44d83f2fcf232e]
  41. %UserProfile%\Desktop\msg\m_filipino.wnry [MD5: 08b9e69b57e4c9b966664f8e1c27ab09]
  42. %UserProfile%\Desktop\msg\m_finnish.wnry [MD5: 35c2f97eea8819b1caebd23fee732d8f]
  43. %UserProfile%\Desktop\msg\m_french.wnry [MD5: 4e57113a6bf6b88fdd32782a4a381274]
  44. %UserProfile%\Desktop\msg\m_german.wnry [MD5: 3d59bbb5553fe03a89f817819540f469]
  45. %UserProfile%\Desktop\msg\m_greek.wnry [MD5: fb4e8718fea95bb7479727fde80cb424]
  46. %UserProfile%\Desktop\msg\m_indonesian.wnry [MD5: 3788f91c694dfc48e12417ce93356b0f]
  47. %UserProfile%\Desktop\msg\m_italian.wnry [MD5: 30a200f78498990095b36f574b6e8690]
  48. %UserProfile%\Desktop\msg\m_japanese.wnry [MD5: b77e1221f7ecd0b5d696cb66cda1609e]
  49. %UserProfile%\Desktop\msg\m_korean.wnry [MD5: 6735cb43fe44832b061eeb3f5956b099]
  50. %UserProfile%\Desktop\msg\m_latvian.wnry [MD5: c33afb4ecc04ee1bcc6975bea49abe40]
  51. %UserProfile%\Desktop\msg\m_norwegian.wnry [MD5: ff70cc7c00951084175d12128ce02399]
  52. %UserProfile%\Desktop\msg\m_polish.wnry [MD5: e79d7f2833a9c2e2553c7fe04a1b63f4]
  53. %UserProfile%\Desktop\msg\m_portuguese.wnry [MD5: fa948f7d8dfb21ceddd6794f2d56b44f]
  54. %UserProfile%\Desktop\msg\m_romanian.wnry [MD5: 313e0ececd24f4fa1504118a11bc7986]
  55. %UserProfile%\Desktop\msg\m_russian.wnry [MD5: 452615db2336d60af7e2057481e4cab5]
  56. %UserProfile%\Desktop\msg\m_slovak.wnry [MD5: c911aba4ab1da6c28cf86338ab2ab6cc]
  57. %UserProfile%\Desktop\msg\m_spanish.wnry [MD5: 8d61648d34cba8ae9d1e2a219019add1]
  58. %UserProfile%\Desktop\msg\m_swedish.wnry [MD5: c7a19984eb9f37198652eaf2fd1ee25c]
  59. %UserProfile%\Desktop\msg\m_turkish.wnry [MD5: 531ba6b1a5460fc9446946f91cc8c94b]
  60. %UserProfile%\Desktop\msg\m_vietnamese.wnry [MD5: 8419be28a0dcec3f55823620922b00fa]
  61. %UserProfile%\Desktop\@Please_Read_Me@.txt [MD5: 7e6b6da7c61fcb66f3f30166871def5b]
  62. %UserProfile%\Desktop\TaskData\Tor\libeay32.dll [MD5: 6ed47014c3bb259874d673fb3eaedc85]
  63. %UserProfile%\Desktop\TaskData\Tor\libevent-2-0-5.dll [MD5: 90f50a285efa5dd9c7fddce786bdef25]
  64. %UserProfile%\Desktop\TaskData\Tor\libevent_core-2-0-5.dll [MD5: e5df3824f2fcad0c75fd601fcf37ee70]
  65. %UserProfile%\Desktop\TaskData\Tor\libevent_extra-2-0-5.dll [MD5: 6d6602388ab232ca9e8633462e683739]
  66. %UserProfile%\Desktop\TaskData\Tor\libgcc_s_sjlj-1.dll [MD5: 73d4823075762ee2837950726baa2af9]
  67. %UserProfile%\Desktop\TaskData\Tor\libssp-0.dll [MD5: 78581e243e2b41b17452da8d0b5b2a48]
  68. %UserProfile%\Desktop\TaskData\Tor\ssleay32.dll [MD5: a12c2040f6fddd34e7acb42f18dd6bdc]
  69. %UserProfile%\Desktop\TaskData\Tor\tor.exe [MD5: fe7eb54691ad6e6af77f8a9a0b6de26d]
  70. %UserProfile%\Desktop\TaskData\Tor\zlib1.dll [MD5: fb072e9f69afdb57179f59b512f828a4]
  71. %UserProfile%\Desktop\TaskData\Tor\taskhsvc.exe [MD5: fe7eb54691ad6e6af77f8a9a0b6de26d]
  72.  
  73. Registry Activity:
  74. ==================
  75. Amongst many other entries:
  76. [RegSetValue] reg.exe:1768 > HKCU\Software\Microsoft\Windows\CurrentVersion\Run\uelzyfymlxjskv282 = C:\Users\REM\Desktop\tasksche.exe
  77. [RegDeleteValue] taskhostw.exe:1384 > HKCU\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe
  78.  
  79. Network Indicators:
  80. ===================