S0368 NotPetya

Description

[NotPetya](https://attack.mitre.org/software/S0368) is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) in a worldwide attack starting on June 27, 2017. While [NotPetya](https://attack.mitre.org/software/S0368) appears as a form of ransomware, its main purpose was to destroy data and disk structures on compromised systems; the attackers never intended to make the encrypted data recoverable. As such, [NotPetya](https://attack.mitre.org/software/S0368) may be more appropriately thought of as a form of wiper malware. [NotPetya](https://attack.mitre.org/software/S0368) contains worm-like features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance. (Citation: Talos Nyetya June 2017)(Citation: US-CERT NotPetya 2017)(Citation: ESET Telebots June 2017)(Citation: US District Court Indictment GRU Unit 74455 October 2020)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | Sandworm Team (g0034) | 100% | live |

References

  1. https://attack.mitre.org/software/S0368
  2. https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/
  3. https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
  4. https://www.justice.gov/opa/press-release/file/1328521/download
  5. https://www.us-cert.gov/ncas/alerts/TA17-181A

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Software: WannaCry
  2. Software: KillDisk
  3. Software: Olympic Destroyer
  4. Software: HermeticWiper
  5. Software: SamSam
  6. Software: Conficker

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.