BadRabbit With the RSA NetWitness Suite
Tags
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 30cdf3ce-b251-4af6-a118-4b09f15196af
Fingerprint ff4430dd24e286a1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 25, 2017, 3:18 p.m.
Added to db Jan. 18, 2023, 9:23 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline NetWitness Community
Title BadRabbit With the RSA NetWitness Suite
Detected Hints/Tags/Attributes 36/1/16
Source URLs
Redirection Url
Details Source https://community.rsa.com/community/products/netwitness/blog/2017/10/25/badrabbit-in-the-rsa-netwitness-suite
URL Provider
Details Provider Source level domain
Details rsa.com community.rsa.com
Attributes
Details Type #Events CTI Value
Details Domain 358 
pastebin.com
Details Domain 13 
1dnscontrol.com
Details File 1 
b4dd.tmp
Details File 478 
lsass.exe
Details File 11 
cscc.dat
Details File 30 
shutdown.exe
Details File 11 
dispci.exe
Details File 15 
install_flash_player.exe
Details File 1 
infopub.dat
Details File 11 
flash_install.php
Details sha1 2 
de5c8d858e6e41da715dca1c019df0bfb92d32c0
Details sha1 2 
afeee8b4acff87bc469a6f0364a81ae5d60a2add
Details sha1 2 
79116fe99f2b421c52ef64097f0f39b815b20907
Details sha1 2 
413eba3973a15c1a6429d9f170f3e8287f98c21c
Details sha1 2 
16605a4a29a101208457c47ebfde788487be788d
Details Threat Actor Identifier - APT 297 
APT27