Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:49:10 UTC
Home > List all groups > List all tools > List all groups using tool NotPetya
 Tool: NotPetya
Names
NotPetya
EternalPetya
ExPetr
Pnyetya
Petna
Nyetya
NonPetya
nPetya
Petrwrap
Diskcoder.C
GoldenEye
Category Malware
Type Ransomware, Wiper, Worm, Remote command
Description
(US-CERT) On June 27, 2017, NCCIC was notified of Petya malware events occurring in
multiple countries and affecting multiple sectors. This variant of the Petya malware—
referred to as NotPetya—encrypts files with extensions from a hard-coded list.
Additionally, if the malware gains administrator rights, it encrypts the master boot record
(MBR), making the infected Windows computers unusable. NotPetya differs from previous
Petya malware primarily in its propagation methods.
NotPetya leverages multiple propagation methods to spread within an infected network.
According to malware analysis, NotPetya attempts the lateral movement techniques below:
• PsExec - a legitimate Windows administration tool
• WMI - Windows Management Instrumentation, a legitimate Windows component
• EternalBlue - the same Windows SMBv1 exploit used by WannaCry
• EternalRomance - another Windows SMBv1 exploit
Information

b85626af34ef_story.html>
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1c756d0-c922-45d9-94d5-fb355f523add
Page 2 of 3

MITRE ATT&CK Malpedia
AlienVault OTX Last change to this tool card: 21 May 2020
Download this tool card in JSON format
All groups using tool NotPetya
Changed Name Country Observed
APT groups
 TeleBots 2015-Oct 2020
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1c756d0-c922-45d9-94d5-fb355f523add
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1c756d0-c922-45d9-94d5-fb355f523add
Page 3 of 3