IoC Report Exposing an Active WannaCry Ransomware Domain Portfolio | WhoisXML API

Security reports

Read other reports

IoC Report Exposing an Active WannaCry Ransomware Domain Portfolio

Download PDF
IoC Report Exposing an Active WannaCry Ransomware Domain Portfolio

WannaCry ransomware made waves as part of a global cyber attack detected in 2017, which resulted in around US$4 billion1 in financial losses. The ransomware campaign targeted organizations in various industries, including the telecommunications, airline, and medical services sectors.

As a self-replicating malware that exploits a vulnerability in Windows, WannaCry has become notorious. The ransomware was last seen in August 20212, still making the identification of WannaCry ransomware-related properties critical.

Over the years, hundreds of WannaCry IoCs have been released by different security experts. WhoisXML API DNS Threat Researcher Dancho Danchev analyzed some of the publicly available IoCs to obtain actionable threat intelligence that can help organizations reinforce their cybersecurity posture. This report shows:

  • 16 registrant email addresses known for their involvement with the campaign
  • 140+ ransomware command-and-control (C&C) domains connected to the campaign
  • 100+ related ransomware domains that are currently active and share the same registrant email address
  • 180+ malicious and fraudulent MD5 hashes

Read the WannaCry Ransomware Domain Portfolio report and strengthen your cyberdefense by including the ransomware C&C domain registrant email addresses and connected domains to your blocklist. Download the report now.

  • [1] https://www.kaspersky.com/resource-center/threats/ransomware-wannacry 
  • [2] https://any.run/malware-trends/wannacry  

Download PDF Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.
Try our WhoisXML API for free
Get started
Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to