Scanning The Dark Web
Published in
4 min readJan 30, 2019
So what did Wanna Cry connect to? Well once installed on a machine (through unpatched SMB shares on Windows), the ransomware first downloaded the Tor program, and then connected directly to five addresses:
gx7ekbenv2riucmf.onion
57g7spgrzlojinas.onion
xxlvbrloxvriy2c5.onion
76jdd2ir2embyv47.onion
cwwnhwhlz52maqm7.onion
Increasingly we see applications and, especially, malware, connecting directly to…