Request WannaCry kill switch domain

/static/assets/windows-logo.svg
WannaCry attempts to resolve the kill switch domain as a trigger to abort execution. This technique makes a GET request to the sinkholed WannaCry kill switch domain and prints the sinkhole message.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)
Test this TTP using one of our Operator chains
APT38 WannaCry

2022-05-31

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform lateral movement using EternalBlue and DoublePulsar exploits.