#NotPetya Correlations & Enrichment on TruSTAR

We’re seeing relevant activity on our platform related to the new ransomware attack spreading across Europe and the US. In the past 24 hours, companies from multiple sectors have reported #NotPetya IoCs in the TruSTAR Community. If you’re interested in enrichment data, look no further.


Timelapse of NotPetya IoCs reported on TruSTAR from March 2016 - Present:



Here’s what we know:

  • Security researchers believe this is a variant of Petya ransomware, but there still isn't consensus in the research community. What has been confirmed is that this ransomware, just like WannaCry, uses the ETERNALBLUE tool, which exploits CVE-2017-0144 and was originally revealed in the ShadowBrokers April Wikileaks release.
  • This ransomware has affected a number of large enterprise and government operations across Europe (hospitals, supermarkets, banks), and there are reports of US companies also being impacted.


Here’s what we’re seeing on TruSTAR:

  • Petya is not new: the group behind it has essentially repurposed it, most likely based on the success of WannaCry. We have reports dating back to late 2016 with Petya infrastructure IoCs.
  • The group behind Petya has taken a page out of the WannaCry playbook, and the TTPs are strikingly similar.


What you can do:

  • Immediately apply security patch MS17-010 and block or monitor incoming traffic on TCP port 445.
  • Log into TruSTAR and search for Petya or NotPetya in the search bar. You can download IoCs from reports of the latest outbreak, as well as the ones we have been tracking since 2016.
  • We’re collecting more IoCs and relevant context by the minute. Submit reports and update them regularly to enhance contextual data.
  • Use our anonymous chat to collaborate with others investigating the attack.
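
For the "monitor incoming traffic on TCP port 445" step above, here is an added Python example (not TruSTAR's code) that reads firewall flow records and reports internal hosts that accepted TCP/445 from outside; it goes one step beyond the bullet by also flagging internal hosts that open SMB sessions to several internal peers. The log layout, the 10.0.0.0/8 internal range, the fan-out threshold and every sample record are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: the internal address space and the log layout
# "time src dst dport proto action". The records are constructed, not real.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
FANOUT_THRESHOLD = 3  # distinct internal SMB peers before a source is flagged
SAMPLE_FLOWS = """\
2017-06-27T10:01:02Z 198.51.100.23 10.0.4.15 445 tcp allow
2017-06-27T10:01:03Z 198.51.100.23 10.0.4.16 445 tcp deny
2017-06-27T10:01:05Z 10.0.4.15 10.0.4.20 445 tcp allow
2017-06-27T10:01:05Z 10.0.4.15 10.0.4.21 445 tcp allow
2017-06-27T10:01:06Z 10.0.4.15 10.0.4.22 445 tcp allow
2017-06-27T10:01:07Z 10.0.7.9 10.0.4.30 443 tcp allow
2017-06-27T10:01:08Z 203.0.113.8 10.0.4.17 445 udp allow
truncated-record 10.0.4.15
"""


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Return (src, dst, dport, proto, action), or None for unusable lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].lower(), parts[5].lower())
    except ValueError:
        return None


def review_smb(log_text, threshold=FANOUT_THRESHOLD):
    """Return (exposed, fanout) for allowed TCP/445 flows in the log."""
    exposed = defaultdict(set)  # internal host -> external sources let in
    peers = defaultdict(set)    # internal source -> internal SMB destinations
    for flow in filter(None, map(parse_flow, log_text.splitlines())):
        src, dst, dport, proto, action = flow
        if (dport, proto, action) != (445, "tcp", "allow"):
            continue
        if is_internal(dst) and not is_internal(src):
            exposed[str(dst)].add(str(src))
        elif is_internal(dst) and is_internal(src):
            peers[str(src)].add(str(dst))
    fanout = {s: sorted(d) for s, d in peers.items() if len(d) >= threshold}
    return {h: sorted(s) for h, s in exposed.items()}, fanout
```

Hosts in the first result are reachable on 445 from outside and are the first candidates for the MS17-010 patch and a block rule; hosts in the second warrant a closer look at what is driving their SMB connections.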


Don’t hesitate to reach out with questions or concerns to the TS Responder team. Log into TruSTAR now.