Eternalromance

Vulnerability updated 4 months ago (2024-05-05T01:18:17.509Z)

Download STIX

Preview STIX

EternalRomance is a software vulnerability, specifically an exploit for the Server Message Block version 1 (SMBv1) protocol, which was leaked by the group known as the "ShadowBrokers." It affects Windows XP, Windows Server 2003, and Windows Vista systems. This flaw allows attackers to execute arbitrary code on the target system, often paired with other tools like PsExec for administration purposes or DoublePulsar, a persistent backdoor running in kernel space of the compromised system. Notably, EternalRomance and its counterpart EternalBlue remain popular exploits for operating system vulnerabilities. The first notable use of EternalRomance was by Advanced Persistent Threat 3 (APT3), also known as Buckeye, who reportedly sniffed the exploit from network traffic. APT3 then upgraded it to the equivalent of another exploit, EternalSynergy, using their own version dubbed UPSynergy. This activity was reported both by Symantec and Checkpoint's research team, highlighting the potential for such vulnerabilities to be repurposed and enhanced by sophisticated threat actors. Despite the release of security update MS17-010 aimed at patching the vulnerabilities exploited by EternalBlue and EternalRomance, these exploits continue to pose significant threats to unpatched systems. They have been used in several major cyberattacks, including the NotPetya ransomware attack, which leveraged these exploits' worm-like features to spread across computer networks. Therefore, it remains crucial for organizations to apply security patches promptly to mitigate the risks associated with these and similar exploits.

Description last updated: 2024-05-05T00:21:58.208Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
NotPetya	Unspecified	2	NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. This malicious software was primarily an act of cyberwar against Ukraine, delivered through updates to MeDoc accounting software, a technique known as a supply chain at

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

ID	Type	Votes	Profile Description
Eternalblue	Unspecified	3	EternalBlue is a significant software vulnerability that exists in the design or implementation of certain systems. This flaw has been exploited by various cyber threats, with one notable instance being its use as an enabler for the widespread WannaCry ransomware attack. The exploit allows attackers

Source Document References

Information about the Eternalromance Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
MITRE	2 years ago	Petya Ransomware \| CISA
MITRE	2 years ago	New Ransomware Variant "Nyetya" Compromises Systems Worldwide
CERT-EU	a year ago	PC malware statistics, Q2 2022
MITRE	2 years ago	The Story of Jian - How APT31 Stole and Used an Unknown Equation Group 0-Day - Check Point Research
CERT-EU	a year ago	APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.
Securelist	9 months ago	PC malware statistics, Q3 2023
MITRE	2 years ago	Bad Rabbit ransomware
MITRE	2 years ago	IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine \| WeLiveSecurity