Last seven days
- First activity
- Jul 19, 2026
- Last activity
- Jul 19, 2026
- Feed role
- C2
- Host form
- 1 IP / 0 hostnames
WannaCryptor, also referred to in the provided content as WannaCry, is ransomware associated in the reporting with the Lazarus Group.
Profile source: Mallory opens in a new tabWannaCryptor
WannaCryptor, also referred to in the provided content as WannaCry, is ransomware associated in the reporting with the Lazarus Group. The content cites the 2017 WannaCryptor outbreak as a high-profile incident and notes that, like NotPetya, it spread using the EternalBlue exploit. It is described as a major outbreak that drew significant attention from security researchers. No additional high-confidence technical details, victim sectors, or indicators of compromise are provided in the supplied content beyond its alias relationship to WannaCry, its use of EternalBlue for propagation, and its mention in connection with Lazarus-attributed activity.
C2 tracking
Derp observations, rolling seven-day window
Samples
Reported operators
Some of the past attacks attributed to the Lazarus group attracted the interest of security researchers... the WannaCryptor outbreak...
Reporting
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.