Block URLs
Block IP addresses
Update AV Hashes
Hope this is useful.
References
Prepared by Subrahmanya Gupta BODA, Group CISO, EC-Council, C|CISO, gupta.boda@eccouncil.org
Overview
- http://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017
- https://www.binarydefense.com/petya-ransomware-without-fluff/
- https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4
Spread / impact
- https://intel.malwaretech.com/
Advisories
- https://www.us-cert.gov/ncas/alerts/TA17-132A