Request WannaCry kill switch domain

WannaCry attempts to resolve the kill switch domain as a trigger to abort execution. This technique makes a GET request to the sinkholed WannaCry kill switch domain and prints the sinkhole message.

Test this TTP using one of our Operator chains
APT38 WannaCry


Perform lateral movement using EternalBlue and DoublePulsar exploits.