‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine | McAfee Blog
Tags
| country: | Bulgaria Germany Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Scheduled Task - T1053.005 Scheduled Task - T1053 Default Credentials |
Common Information
| Type | Value |
|---|---|
| UUID | 821daae3-8926-4ba5-b6b5-6b017c1a4028 |
| Fingerprint | a713a8fb0c718797 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 24, 2017, 10:31 p.m. |
| Added to db | Dec. 21, 2022, 4:44 p.m. |
| Last updated | Nov. 14, 2024, 9:58 p.m. |
| Headline | ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine |
| Title | ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine | McAfee Blog |
| Detected Hints/Tags/Attributes | 46/3/51 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 504 | ✔ | — | https://blogs.mcafee.com/tag/cybercrime/feed | 2024-08-31 10:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ipt.aol |
|
| Details | File | 11 | flash_install.php |
|
| Details | File | 6 | 3ds.7z |
|
| Details | File | 6 | accdb.ai |
|
| Details | File | 3 | asm.asp |
|
| Details | File | 6 | back.bak |
|
| Details | File | 3 | c.cab |
|
| Details | File | 3 | cc.cer |
|
| Details | File | 6 | conf.cpp |
|
| Details | File | 3 | crt.cs |
|
| Details | File | 3 | cxx.dbf |
|
| Details | File | 3 | der.dib |
|
| Details | File | 6 | disk.djvu |
|
| Details | File | 12 | doc.docx |
|
| Details | File | 6 | dwg.eml |
|
| Details | File | 5 | fdb.gz |
|
| Details | File | 3 | hxx.iso |
|
| Details | File | 3 | jfif.jpe |
|
| Details | File | 3 | jpeg.jpg |
|
| Details | File | 3 | kdbx.key |
|
| Details | File | 5 | mail.mdb |
|
| Details | File | 3 | nrg.odc |
|
| Details | File | 3 | odi.odm |
|
| Details | File | 3 | odp.ods |
|
| Details | File | 3 | ovf.p12 |
|
| Details | File | 5 | p7b.p7c |
|
| Details | File | 4 | pem.pfx |
|
| Details | File | 3 | pmf.png |
|
| Details | File | 3 | ppt.pptx |
|
| Details | File | 3 | ps1.pst |
|
| Details | File | 5 | pvi.py |
|
| Details | File | 3 | pyc.py |
|
| Details | File | 3 | qcow2.rar |
|
| Details | File | 3 | rb.rtf |
|
| Details | File | 3 | scm.sln |
|
| Details | File | 6 | sql.tar |
|
| Details | File | 3 | tib.tif |
|
| Details | File | 3 | vb.vb |
|
| Details | File | 2 | ox.vbs |
|
| Details | File | 5 | vcb.vdi |
|
| Details | File | 5 | vmc.vmdk |
|
| Details | File | 5 | work.xls |
|
| Details | File | 3 | xlsx.xml |
|
| Details | File | 4 | xvd.zip |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 6 | c:\windows\dispci.exe |
|
| Details | File | 11 | dispci.exe |
|
| Details | sha256 | 6 | 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648 |
|
| Details | sha256 | 7 | 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da |
|
| Details | sha256 | 7 | 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93 |
|
| Details | Url | 1 | http://1dnscontrol[dot]com/flash_install.php |