ID 700152.PRM Type nessus Reporter Tenable Modified 2017-10-02T00:00:00
Description
One or more requests to hosts potentially associated with Petya ransomware have been detected. Petya differs from typical ransomware in that it does not just encrypt files; it also overwrites and encrypts the master boot record (MBR), demanding payment via cryptocurrency. Petya propagates in a manner similar to "WannaCry", by exploiting the vulnerability addressed in MS17-010 with the exploit known as EternalBlue, which was part of the ShadowBrokers dump. This finding is informational (severity "Info"): it flags the observed traffic so the host can be inspected manually, and does not by itself confirm an infection.
Binary data 700152.prm
{"id": "700152.PRM", "type": "nessus", "bulletinFamily": "scanner", "title": "Petya Ransomware Malicious Host Detection", "description": "One or more requests to potential Petya ransomware related malware hosts have been detected. Petya differs from typical ransomware as it does not just encrypt files, it also overwrites and encrypts the master boot record (MBR), demanding payment via cryptocurrency. Petya propagates itself similar to \"WannaCry\" by exploiting the MS17-010 vulnerability, also known as EternalBlue which was part of the ShadowBrokers dump.", "published": "2017-06-27T00:00:00", "modified": "2017-10-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nnm/700152", "reporter": "Tenable", "references": ["https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe", "http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-19T12:36:02", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": 2.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["ETERNALBLUE"]}]}, "exploitation": null, "vulnersScore": 2.2}, "pluginID": "700152", "sourceData": "Binary data 700152.prm", "naslFamily": "Generic", "cpe": [], "solution": "Manually inspect the workstation to ensure that it is not running software which may impact the security of the entire network. Also, ensure that this device is in compliance with security and corporate policies and that all relevant patches have been updated. ", "nessusSeverity": "Info", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}