I deployed MOVE MP at a costumer network, and recently I discovered something rather interesting, and suspicious. The SVM Manager is trying to contact a server via ntp port. The server is listed as a tor network. My firewall bloqued the request since this is a WannaCry indicator. You can see a print bellow:
This network has no internet access and this is the only server with this behaviour. I am using SVM Manager OVF version 126.96.36.199.
Any explanation or sugestions about this??