WannaCryptor, also referred to in the provided content as WannaCry, is ransomware associated in the reporting with the Lazarus Group. The content cites the 2017 WannaCryptor outbreak as a high-profile incident and notes that, like NotPetya, it spread using the EternalBlue exploit. It is described as a major outbreak that drew significant attention from security researchers. No additional high-confidence technical details, victim sectors, or indicators of compromise are provided in the supplied content beyond its alias relationship to WannaCry, its use of EternalBlue for propagation, and its mention in connection with Lazarus-attributed activity.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
Some of the past attacks attributed to the Lazarus group attracted the interest of security researchers... the WannaCryptor outbreak...
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Lazarus-attributed ransomware outbreak referenced as part of the group’s historical toolset/operations.
Ransomware family attributed to Lazarus in the content; mentioned as a notable historical Lazarus-linked incident (not as a payload in the Spain aerospace intrusion chain).
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.