{"id":12932,"date":"2018-09-16T03:38:36","date_gmt":"2018-09-16T03:38:36","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29317\/Unpatched-Systems-Continue-To-Fall-To-WannaMine-Worm.html"},"modified":"2018-09-16T03:38:36","modified_gmt":"2018-09-16T03:38:36","slug":"unpatched-systems-continue-to-fall-to-wannamine-worm","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/","title":{"rendered":"Unpatched Systems Continue To Fall To WannaMine Worm"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/09\/Austria-Mine-Old-Mine-Lake-Mountains-Signs-1557302-800x533.jpg\" alt=\"Article intro image\"\/><\/p>\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/09\/Austria-Mine-Old-Mine-Lake-Mountains-Signs-1557302.jpg\" class=\"enlarge-link\" data-height=\"640\" data-width=\"960\">Enlarge<\/a> <span class=\"sep\">\/<\/span> This old mine is still yielding somebody Monero.<\/div>\n<aside id=\"social-left\"><a aria-describedby=\"34 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/09\/eternally-pwned-wannamine-still-spreading-using-year-old-leaked-nsa-exploits\/?comments=1\"><span class=\"comment-count-before\">reader comments<\/span> <span class=\"comment-count-number\">45<\/span><\/a><\/p>\n<div class=\"share-links\"><span>Share this story<\/span> <\/div>\n<\/aside>\n<p>In May of 2017, the WannaCry attack\u2014a file-encrypting ransomware knock-off attributed by the US to North Korea\u2014raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows&#8217; Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.<\/p>\n<p>The core exploit used by WannaCry has been leveraged by other malware authors, including <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/06\/a-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide\/\">the NotPetya attack<\/a> that affected companies worldwide a month later, and <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/05\/massive-cryptocurrency-botnet-used-leaked-nsa-exploits-weeks-before-wcry\/\">Adylkuzz<\/a>, a cryptocurrency-mining worm that began to spread even before WannaCry. Other cryptocurrency-mining worms followed, including <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/02\/cryptocurrency-botnets-generate-millions-but-exact-huge-cost-on-victims\/\">WannaMine<\/a>\u2014a fileless, all-PowerShell based, Monero-mining malware attack that <a href=\"https:\/\/www.pandasecurity.com\/mediacenter\/pandalabs\/threat-hunting-fileless-attacks\/\">threat researchers have been tracking since at least last October<\/a>. The servers behind the attack were widely published, and some of them went away.<\/p>\n<p>But a year later, WannaMine is still spreading. Amit Serper, head of security research at Cybereason, has <a href=\"https:\/\/www.cybereason.com\/blog\/wannamine-cryptominer-eternalblue-wannacry?hs_preview=SPPHKFkR-6180187469\">just published research<\/a> into a recent attack on one of his company&#8217;s clients\u2014a Fortune 500 company that Serper told Ars was heavily hit by WannaMine. The malware affected &#8220;dozens of domain controllers and about 2,000 endpoints,&#8221; Serper said, after gaining access through an unpatched SMB server.<\/p>\n<p>WannaMine is &#8220;fileless,&#8221; sort of. It uses PowerShell scripts pulled from remote servers to establish a foothold on computers and run all of its components. But WannaMine isn&#8217;t purely fileless by any means\u2014the PowerShell script that establishes its foothold downloads a huge file full of base64-encoded text. &#8220;In fact, the downloaded payload is so large (thanks to all of the obfuscation) that it makes most of the text editors hang and it\u2019s quite impossible to load the entire base64\u2019d string into an interactive ipython session,&#8221; Serper wrote in his post.<\/p>\n<p>Inside that file is more PowerShell code, including a PowerShell version of the Mimikatz credential-stealing tool <a href=\"https:\/\/github.com\/clymb3r\/PowerShell\/blob\/master\/Invoke-Mimikatz\/Invoke-Mimikatz.ps1\">copied directly from a GitHub repository<\/a>. There&#8217;s also a huge binary blob\u2014a Windows .NET compiler\u2014which the malware uses to compile a dynamic-link library version of the <a href=\"https:\/\/www.pingcastle.com\/\">PingCastle network scanning tool<\/a> for locating potentially vulnerable targets elsewhere on the network. The harvested credentials and network data are then used to attempt to connect to other computers and install more copies of the malware. The DLL is given a random name, so it&#8217;s different on every infected system.<\/p>\n<p>WannaMine&#8217;s PowerShell code does a number of things to make itself at home. It uses the Windows Management Instrumentation to detect whether it has landed on a 32-bit or 64-bit system to pick which version of its payload to download. It configures itself as a scheduled process to ensure it persists after a system shutdown, and it changes the power management settings of the infected computer to make sure the machine doesn&#8217;t go to sleep and its mining activities go uninterrupted. This code shuts down any process using Internet Protocol ports associated with cryptocurrency-mining pools (3333, 5555, and 7777). And then it runs PowerShell-based miners of its own, connecting to mining pools on port 14444.<\/p>\n<p>The thing that is perhaps the most aggravating about the continued spread of WannaMine is that the malware continues to use some of the same servers that were originally reported to be associated with it. Serper reached out to all of the hosting providers he could identify from the addresses and got no response. The command and control servers are:<\/p>\n<ul>\n<li>118.184.48.95, hosted by Shanghai Anchnet Network Technology Stock Co., Ltd in Shanghai.<\/li>\n<li>104.148.42.153 and 107.179.67.243, both hosted by the DDoS mitigation hosting company <a href=\"http:\/\/www.globalfrag.com\/\">Global Frag Servers<\/a>\u00a0in Los Angeles (though the company also appears to be a Chinese network operator).<\/li>\n<li>172.247.116.8 and 172.247.166.87, both hosted by CloudRadium L.L.C., a company with a disconnected phone number and a Los Angeles address shared with a number of other hosting and co-location service providers.<\/li>\n<li>45.199.154.141, hosted in the US by <a href=\"http:\/\/cloudinnovation.org\/about-us-2\/\">CloudInnovation<\/a>, which claims to be based in South Africa but gives a Seychelles address in its network registration.<\/li>\n<\/ul>\n<p>None of these organizations responded to requests for comment from Ars.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29317\/Unpatched-Systems-Continue-To-Fall-To-WannaMine-Worm.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":12933,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[3491],"class_list":["post-12932","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwareflawnsa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-16T03:38:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Unpatched Systems Continue To Fall To WannaMine Worm\",\"datePublished\":\"2018-09-16T03:38:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/\"},\"wordCount\":699,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg\",\"keywords\":[\"headline,malware,flaw,nsa\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/\",\"name\":\"Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg\",\"datePublished\":\"2018-09-16T03:38:36+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatched-systems-continue-to-fall-to-wannamine-worm\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,flaw,nsa\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwareflawnsa\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Unpatched Systems Continue To Fall To WannaMine Worm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/","og_locale":"en_US","og_type":"article","og_title":"Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-09-16T03:38:36+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Unpatched Systems Continue To Fall To WannaMine Worm","datePublished":"2018-09-16T03:38:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/"},"wordCount":699,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg","keywords":["headline,malware,flaw,nsa"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/","url":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/","name":"Unpatched Systems Continue To Fall To WannaMine Worm 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg","datePublished":"2018-09-16T03:38:36+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/unpatched-systems-continue-to-fall-to-wannamine-worm.jpg","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-systems-continue-to-fall-to-wannamine-worm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,flaw,nsa","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwareflawnsa\/"},{"@type":"ListItem","position":3,"name":"Unpatched Systems Continue To Fall To WannaMine Worm"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=12932"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12932\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/12933"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=12932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=12932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=12932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}