Eric Crist ecrist
ecrist
/ Petya_ransomware.txt
Created
June 28, 2017 14:59
— forked from vulnersCom/Petya_ransomware.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #petya #petrWrap | |
| Win32/Diskcoder.Petya.C | |
| Ransomware attack. | |
| Got new info? Email at isox@vulners.com | |
| *********** KILLSWITCH // PARTIAL? GOT PROOF - EMAIL! | |
| Looks like if you block C:\Windows\perfc.dat from writing/executing - stops #Petya. Is used for rundll32 import. | |
| https://twitter.com/HackingDave/status/879779361364357121 |