NotPetya (2538e0fe-1290-4ae1-aef9-e55d83c9eb23)
NotPetya is malware that was used by Sandworm Team in a worldwide attack starting on June 27, 2017. While NotPetya appears as a form of ransomware, its main purpose was to destroy data and disk structures on compromised systems; the attackers never intended to make the encrypted data recoverable. As such, NotPetya may be more appropriately thought of as a form of wiper malware. NotPetya contains worm-like features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance. [Talos Nyetya June 2017] [US-CERT NotPetya 2017] [ESET Telebots June 2017] [US District Court Indictment GRU Unit 74455 October 2020]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Sandworm Team (16a65ee9-cd60-4f04-ba34-f2f45fcfc666) | Tidal Groups | NotPetya (2538e0fe-1290-4ae1-aef9-e55d83c9eb23) | Tidal Software | 1 |