Eternalromance

Vulnerability updated 7 months ago (2024-05-05T01:18:17.509Z)

Download STIX

Preview STIX

EternalRomance is a software vulnerability, specifically an exploit for the Server Message Block version 1 (SMBv1) protocol, which was leaked by the group known as the "ShadowBrokers." It affects Windows XP, Windows Server 2003, and Windows Vista systems. This flaw allows attackers to execute arbitrary code on the target system, often paired with other tools like PsExec for administration purposes or DoublePulsar, a persistent backdoor running in kernel space of the compromised system. Notably, EternalRomance and its counterpart EternalBlue remain popular exploits for operating system vulnerabilities. The first notable use of EternalRomance was by Advanced Persistent Threat 3 (APT3), also known as Buckeye, who reportedly sniffed the exploit from network traffic. APT3 then upgraded it to the equivalent of another exploit, EternalSynergy, using their own version dubbed UPSynergy. This activity was reported both by Symantec and Checkpoint's research team, highlighting the potential for such vulnerabilities to be repurposed and enhanced by sophisticated threat actors. Despite the release of security update MS17-010 aimed at patching the vulnerabilities exploited by EternalBlue and EternalRomance, these exploits continue to pose significant threats to unpatched systems. They have been used in several major cyberattacks, including the NotPetya ransomware attack, which leveraged these exploits' worm-like features to spread across computer networks. Therefore, it remains crucial for organizations to apply security patches promptly to mitigate the risks associated with these and similar exploits.

Description last updated: 2024-05-05T00:21:58.208Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The NotPetya Malware is associated with Eternalromance. NotPetya, a destructive malware posing as ransomware, was unleashed in 2017, causing widespread global damage while primarily targeting Ukraine's infrastructure. The cyberattack, commonly attributed to Russia, was so devastating that it led many to consider it an act of cyberwar, despite no official	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The Eternalblue Vulnerability is associated with Eternalromance. EternalBlue is a software vulnerability, specifically a flaw in the design or implementation of Microsoft's Server Message Block (SMB) protocol. This vulnerability, officially known as CVE-2017-0144, allows for the execution of arbitrary code on affected systems. It became publicly known after a gro	Unspecified	3

Source Document References

Information about the Eternalromance Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
MITRE	2 years ago	Petya Ransomware \| CISA
MITRE	2 years ago	New Ransomware Variant "Nyetya" Compromises Systems Worldwide
CERT-EU	a year ago	PC malware statistics, Q2 2022
MITRE	2 years ago	The Story of Jian - How APT31 Stole and Used an Unknown Equation Group 0-Day - Check Point Research
CERT-EU	2 years ago	APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.
Securelist	a year ago	PC malware statistics, Q3 2023
MITRE	2 years ago	Bad Rabbit ransomware
MITRE	2 years ago	IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine \| WeLiveSecurity