RDP was a factor, but only locally. No initial vector has been established. The only propagation method we have seen is via SMB.
Check the blog post. We laid it all out there.

--
Sent from my iPhone

> On May 16, 2017, at 12:40, Eric Tykwinski <[email protected]> wrote:
>
> I don't think anyone really knows the initial vector, but RDP was an entry
> point according to the site I was reading:
> Backdooring: The worm loops through every RDP session on a system to run the
> ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It
> corrupts shadow volumes to make recovery harder. (source: malwarebytes)
> It seems more believable to me than everyone with SMB access to the public
> internet.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
> -----Original Message-----
> From: clamav-users [mailto:[email protected]] On Behalf
> Of Dennis Peterson
> Sent: Tuesday, May 16, 2017 12:25 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with
> clamav
>
> If not email what is the vector?
>
> dp
>
>> On 5/15/17 5:11 PM, Joel Esler (jesler) wrote:
>> To be clear let me link to our blog post on the subject:
>>
>> http://blog.talosintelligence.com/2017/05/wannacry.html
>>
>> There has been No email vector seen in WannaCry to date. Almost everyone
>> that has claimed this, has retracted it. Please read the above blog post for
>> all the facts as we know them.
>>
>> This is an ongoing threat.
>>
>> --
>> Joel Esler | Talos: Manager | [email protected]

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
