Create a Post
Showing results for 
Search instead for 
Did you mean: 

NotPetya: Under the Microscope Presentation and Recording

If you missed today's informative webinar on NotPetya, you can download the slide deck and watch a recording of the presentation below.

Note: You must be logged into to CheckMates in order to view the presentation and recording.

NotPetya: Under the Microscope Slidedeck

NotPetya: Under the Microscope Webinar Recording

Here is a brief outline:


  • Intro (short summary of events + presentation goals)
  • Timeline – What happened prior to the attack? (M.E.Doc supply chain attack story + watering hole attack)
  • Lateral Movement – How does the malware spread?
    • Embedded Credential Stealing Tool – Explanation
    • Methods used to run remote code
    • WMI
    • PsExec
    • EternalBlue + DoublePulsar Lateral Movement
  • Overview of the Ransomware’s MBR Encryption Method
    • MBR, VBR, MFT – Terminology Explanation
    • How does the MBR encryption in NotPetya work?
  • General Malware Flow
  • Should you Pay the Ransom?
  • Double Pulsar Finding (Our Research + Reference to Blog Post for Full Story)
  • Speculations + Fiction
    • TeleBots Team Connection
    • Russian Government Involvement
    • Malware is Not Designed for Profit – explanation
    • Confusion with CVE-2017-0199 Downloader
  • How can we protect ourselves from the next strain for free (besides patching and backing up )
  • Summary

Related: How Endpoint Forensics sees NotPetya

1 Reply


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events