{ "type": "bundle", "id": "bundle--338b0e88-c726-4d2f-a965-9c2a20c33495", "spec_version": "2.0", "objects": [ { "modified": "2023-03-08T22:11:21.842Z", "name": "NotPetya", "description": "[NotPetya](https://attack.mitre.org/software/S0368) is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) in a worldwide attack starting on June 27, 2017. While [NotPetya](https://attack.mitre.org/software/S0368) appears as a form of ransomware, its main purpose was to destroy data and disk structures on compromised systems; the attackers never intended to make the encrypted data recoverable. As such, [NotPetya](https://attack.mitre.org/software/S0368) may be more appropriately thought of as a form of wiper malware. [NotPetya](https://attack.mitre.org/software/S0368) contains worm-like features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance.(Citation: Talos Nyetya June 2017)(Citation: US-CERT NotPetya 2017)(Citation: ESET Telebots June 2017)(Citation: US District Court Indictment GRU Unit 74455 October 2020)", "x_mitre_platforms": [ "Windows" ], "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack", "ics-attack" ], "x_mitre_version": "2.0", "x_mitre_aliases": [ "NotPetya", "ExPetr", "Diskcoder.C", "GoldenEye", "Petrwrap", "Nyetya" ], "type": "malware", "id": "malware--5719af9d-6b16-46f9-9b28-fb019541ddbb", "created": "2019-03-26T15:02:14.907Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0368", "external_id": "S0368" }, { "source_name": "ExPetr", "description": "(Citation: ESET Telebots June 2017)" }, { "source_name": "Diskcoder.C", "description": "(Citation: ESET Telebots June 2017)" }, { "source_name": "GoldenEye", "description": "(Citation: Talos Nyetya June 2017)" }, { "source_name": "Nyetya", "description": "(Citation: Talos Nyetya June 2017)" }, { "source_name": "Petrwrap", "description": "(Citation: Talos Nyetya June 2017)(Citation: ESET Telebots June 2017)" }, { "source_name": "ESET Telebots June 2017", "description": "Cherepanov, A.. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. Retrieved June 11, 2020.", "url": "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/" }, { "source_name": "Talos Nyetya June 2017", "description": "Chiu, A. (2016, June 27). New Ransomware Variant \"Nyetya\" Compromises Systems Worldwide. Retrieved March 26, 2019.", "url": "https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html" }, { "source_name": "US District Court Indictment GRU Unit 74455 October 2020", "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.", "url": "https://www.justice.gov/opa/press-release/file/1328521/download" }, { "source_name": "US-CERT NotPetya 2017", "description": "US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.", "url": "https://www.us-cert.gov/ncas/alerts/TA17-181A" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "labels": [ "malware" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }