1

Google security researcher Neel Mehta has famously identified code similarities between a sample of WannaCry and code used by North Korean hacker group Lazarus in 2015.

Around the same time, another security researcher, Matthieu Suiche, found the so called "kill switch" which stopped or slowed the initial version of the virus.

Where are these folks getting the code that they're analyzing? Is any part of it available publicly?

This is different from "Finding a specific malware sample for malware analysis purposes" because:

  1. I just want to know if there's public access to this malware's code, as no one seems to know where the security researchers in the news are getting it from and that thread does absolutely nothing to answer that.

  2. The top ranked answer there is a link to a (hardly authoritative-looking) blog that never touches the subject of WannaCry

  3. There are no accepted answers to that question, thus per SO Meta it's not a valid question to use as a basis for marking this as a dupe.

Hack-R
  • 213
  • 2
  • 8
  • I'm voting to close this question as off-topic because links to samples are likely to rapidly be taken down and lead to stale and invalid answers. – Xander May 16 '17 at 18:45
  • @Xander I didn't ask for a link. I just asked if it exists publicly and where they are getting it from. "Yes, it exists publicly in a number of exploit databases such as X, Y and Z" or "No, under the auspices of Law 123 the government is preventing sites from sharing the code on the public Internet to avoid enabling malicious use of the code" could be answers without links. – Hack-R May 16 '17 at 18:47
  • 1
    [Yes, they exist publicly](https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168), however I agree that such question seems out-of-scope as either deprecating too quickly (link) or synonym of already existing question (is it possible to find sample of certain malware, check the "Related" questions in the right side of the page). – WhiteWinterWolf May 16 '17 at 18:50
  • @Hack-R your reasons why it is not a dupe does not address the reasons why it was marked a dupe (i.e. any link will degrade in value). – schroeder May 17 '17 at 06:31

0 Answers0