#NotPetya Correlations & Enrichment on TruSTAR

We’re seeing relevant activity on our platform related to the new ransomware attack spreading across Europe and the US. In the past 24 hours, companies from multiple sectors have reported #NotPetya IoCs in the TruSTAR Community. If you’re interested in enrichment data, look no further.


Timelapse of NotPetya IoCs reported on TruSTAR from March 2016 - Present:



Here’s what we know:

  • Security researchers believe this is a variant of Petya ransomware, but there still isn't consensus in the research community. What has been confirmed is that this ransomware, just like WannaCry, uses the ETERNALBLUE tool, which exploits CVE-2017-0144 and was originally revealed in the ShadowBrokers April Wikileaks release.
  • This ransomware has affected a number of large enterprise and government operations across Europe (hospitals, supermarkets, banks), and there are reports of US companies also being impacted.


Here’s what we’re seeing on TruSTAR:

  • Petya is not new: the group behind it has essentially repurposed it, most likely based on the success of WannaCry. We have reports with Petya infrastructure IoCs dating back to late 2016.
  • The group behind Petya has taken a page out of the WannaCry playbook, and the TTPs are strikingly similar.


What you can do:

  • Immediately apply security patch MS17-010 and block or monitor incoming traffic on TCP port 445.
  • Log in to TruSTAR and search for Petya or NotPetya in the search bar. You can download IoCs from reports of the latest outbreak, as well as the ones we have been tracking since 2016.
  • We’re collecting more IoCs and relevant context by the minute. Submit reports and update them regularly to enhance contextual data.
  • Use our anonymous chat to collaborate with others investigating the attack.
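
For the step above about monitoring incoming traffic on TCP port 445, here is an added example (not from the original post or TruSTAR's tooling) that flags external-to-internal SMB flows in a firewall log and, going one step beyond the perimeter check, internal hosts that contact many distinct peers on 445. The log format, the sample records, the 10.0.0.0/8 internal range and the fan-out threshold are all assumptions made for illustration.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real telemetry): time, src, dst, proto, dport, action
SAMPLE_FLOWS = """\
2017-06-27T11:02:10Z,203.0.113.7,10.1.4.20,tcp,445,allow
2017-06-27T11:02:11Z,10.1.4.20,10.1.4.21,tcp,445,allow
2017-06-27T11:02:11Z,10.1.4.20,10.1.4.22,tcp,445,allow
2017-06-27T11:02:12Z,10.1.4.20,10.1.4.23,tcp,445,allow
2017-06-27T11:02:12Z,10.1.4.20,10.1.4.24,tcp,445,allow
2017-06-27T11:02:13Z,10.1.5.9,10.1.4.5,tcp,445,allow
2017-06-27T11:02:14Z,198.51.100.3,10.1.4.30,tcp,445,deny
2017-06-27T11:02:15Z,10.1.5.9,93.184.216.34,tcp,443,allow
"""
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site address plan
FANOUT_THRESHOLD = 4  # assumption: distinct SMB peers per host before alerting

def parse_flows(text):
    """Yield flow dicts for TCP/445 records only."""
    for t, src, dst, proto, dport, action in csv.reader(text.splitlines()):
        if proto == "tcp" and int(dport) == 445:
            yield {"time": t, "src": src, "dst": dst, "action": action}

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def inbound_smb(flows):
    """External -> internal TCP/445 flows, grouped by firewall action."""
    hits = defaultdict(list)
    for f in flows:
        if not is_internal(f["src"]) and is_internal(f["dst"]):
            hits[f["action"]].append((f["src"], f["dst"]))
    return dict(hits)

def smb_fanout(flows, threshold=FANOUT_THRESHOLD):
    """Internal hosts reaching `threshold` or more distinct peers on TCP/445."""
    peers = defaultdict(set)
    for f in flows:
        if is_internal(f["src"]):
            peers[f["src"]].add(f["dst"])
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    smb = list(parse_flows(SAMPLE_FLOWS))
    print("inbound SMB:", inbound_smb(smb))
    print("SMB fan-out:", smb_fanout(smb))
```

An `allow` entry in the inbound result means port 445 is reachable from outside and the block rule is missing or bypassed; a fan-out hit is a host to isolate and check for MS17-010.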


Don’t hesitate to reach out with questions or concerns to the TS Responder team. Log in to TruSTAR now.
