Python Reverse Shell

If you really want to create something that will traverse across NATs, and be very difficult to trace the origin of unless you’re one of the 3-letter agencies, then use Tor hidden services.

What you’ll need to do is set up a Tor hidden service as your listener (on the attacker side), and then modify your malware to include a Tor binary with it. How you deploy this depends on how deep you’re trying to get.

WannaCry actually downloaded the binary from the C2 and unpacked it on the disk. Personally, I think it’s much cooler to do this all from within the payload, although very difficult in reality.