ioc[.]one - OSINT Cyber Threat Intelligence Database

Tracking the BadRabbit Ransomware to an Ongoing Campaign of Target Selection | RiskIQ

Tags

country:	Montenegro Russia Ukraine
attack-pattern:	Data Datasets Direct Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	9d778c34-bd05-40a1-b67b-8bec8e1ba314
Fingerprint	b744a8931497e259
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 25, 2017, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 5, 2024, 12:46 p.m.
Headline	UNKNOWN
Title	Tracking the BadRabbit Ransomware to an Ongoing Campaign of Target Selection \| RiskIQ
Detected Hints/Tags/Attributes	43/2/71

Source URLs

	Redirection	Url
Details	Source	https://www.riskiq.com/blog/labs/badrabbit/

URL Provider

Details	Provider	Source level domain
Details	riskiq.com	www.riskiq.com

Attributes

Details	Type	#Events	Value
Details	Domain	13	1dnscontrol.com
Details	Domain	1	aica.co.jp
Details	Domain	2	www.dermavieskin.com
Details	Domain	5	grupovo.bg
Details	Domain	1	www.fitnes-trener.com.ua
Details	Domain	1	www.afaceri-poligrafice.ro
Details	Domain	2	grandua.ua
Details	Domain	4	i24.com.ua
Details	Domain	1	scanstockphoto.com
Details	Domain	1	izgodni.bg
Details	Domain	1	www.biotechusa.ru
Details	Domain	4	www.mediaport.ua
Details	Domain	1	www.armoniacenter.com
Details	Domain	1	sweet-home.dn.ua
Details	Domain	2	www.chnu.edu.ua
Details	Domain	1	fitnes-trener.com.ua
Details	Domain	4	ks.ua
Details	Domain	1	www.fastfwd.ru
Details	Domain	2	www.uscc.ua
Details	Domain	2	bitte.net.ua
Details	Domain	1	ophthalmolog.kiev.ua
Details	Domain	2	akvadom.kiev.ua
Details	Domain	1	ulianarudich.com.ua
Details	Domain	1	football.zp.ua
Details	Domain	1	chnu.edu.ua
Details	Domain	1	evroremont.kharkov.ua
Details	Domain	1	thecovershop.pl
Details	Domain	1	www.tofisa.com
Details	Domain	1	cream-dream.com.ua
Details	Domain	1	go2odessa.ru
Details	Domain	2	bahmut.com.ua
Details	Domain	1	abantyoreselurunler.com
Details	Domain	1	aldingareefretreat.com
Details	Domain	1	ftp9.net
Details	Domain	1	magicofis.com
Details	Domain	1	piiz.tk
Details	Domain	1	tedizmir.k12.tr
Details	Domain	1	websgramly.com
Details	Domain	2	www.andronova.net
Details	Domain	1	www.detaymaxinet.com
Details	Domain	1	www.fikracenneti.com
Details	Domain	1	www.gulenturizm.com.tr
Details	Domain	1	www.ilgihastanesi.com
Details	Domain	1	www.komedibahane.com
Details	Domain	1	www.moonlightcinemaclub.com
Details	Domain	1	www.musterihizmetlerinumarasi.com
Details	Domain	1	www.techkafa.net
Details	Domain	2	www.teknolojihaber.net
Details	Domain	2	www.vertizontal.ro
Details	Domain	2	montenegro-today.com
Details	Domain	3	www.grupovo.bg
Details	Domain	1	www.matasedita.sk
Details	Domain	2	www.montenegro-today.com
Details	Domain	1	www.myk104.com
Details	Domain	1	www.nadupanyfanusik.sk
Details	Domain	4	www.otbrana.com
Details	Domain	5	www.sinematurk.com
Details	Domain	1	www.ucarsoft.com
Details	Domain	49	xhr.open
Details	Domain	1	div.id
Details	File	15	install_flash_player.exe
Details	File	11	flash_install.php
Details	File	1	thecovershop.pl
Details	File	6	window.xml
Details	File	7	'msxml2.xml
Details	File	3	'microsoft.xml
Details	IPv4	7	185.149.120.3
Details	IPv4	2	172.97.69.79
Details	IPv4	2	91.236.116.50
Details	IPv4	2	38.84.134.15
Details	Url	3	http://1dnscontrol.com/flash_install.php