Wait, what?
| WanaCrypt0r will then download a TOR client from
|
https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip| and extract it into the TaskData folder. This TOR client is used to
| communicate with the ransomware C2 servers at gx7ekbenv2riucmf.onion,
| 57g7spgrzlojinas.onion, xxlvbrloxvriy2c5.onion,
| 76jdd2ir2embyv47.onion, and cwwnhwhlz52maqm7.onion.
https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/Sad but true.
But what they want to block are guards and directory servers. But their
list will probably include all relays, so whatever.
Longer term, it's pointless, because malware authors can just hard code
bridges. Even custom unlisted bridges.
niftybunny
abuse@to-surf-and-protect.net
Where ignorance is bliss, 'Tis folly to be wise.
Thomas Gray
On 14. May 2017, at 21:45, Jon Gardner <toradmin@brazoslink.net> wrote:
From the SNORT folks...
http://blog.talosintelligence.com/2017/05/wannacry.html?m=1 <http://blog.talosintelligence.com/2017/05/wannacry.html?m=1>
".... Additionally, organizations should strongly consider blocking connections to TOR nodes and TOR traffic on network. Known TOR exit nodes are listed within the Security Intelligence feed of ASA Firepower devices. Enabling this to be blacklisted will prevent outbound communications to TOR networks."
<><
Jon L. Gardner
Mobile: +1 979-574-1189
Email/Skype/Jabber: jon@brazoslink.net <mailto:jon@brazoslink.net>
AIM/iChat/MSN: jlg@mac.com <mailto:jlg@mac.com>_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays