BadRabbit: a closer look at the new version of Petya/NotPetya | Malwarebytes Labs
Tags
country: Bulgaria Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Email Account - T1087.003 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Rundll32 - T1085 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID f88d30df-298e-4f0e-944d-84ca2fb1ec66
Fingerprint d72dd80aad25ae8d
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 24, 2017, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline BadRabbit: a closer look at the new version of Petya/NotPetya
Title BadRabbit: a closer look at the new version of Petya/NotPetya | Malwarebytes Labs
Detected Hints/Tags/Attributes 64/3/22
Source URLs
Redirection Url
Details Source https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/
URL Provider
Details Provider Source level domain
Details malwarebytes.com blog.malwarebytes.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
diskcryptor.net
Details Domain 4128 
github.com
Details Domain 262 
www.welivesecurity.com
Details Domain 31 
hshrzd.wordpress.com
Details File 12 
infpub.dat
Details File 11 
cscc.dat
Details File 11 
dispci.exe
Details File 14 
perfc.dat
Details File 1018 
rundll32.exe
Details File 9 
c:\\windows\\system32\\rundll32.exe
Details File 1 
c:\\windows\\infpub.dat
Details File 367 
readme.txt
Details File 1 
stage1.asm
Details Github username 1 
smartinm
Details md5 4 
fbbdc39af1139aebba4da004475e8839
Details md5 4 
1d724f95c61f1055f0d02c2154bbccd3
Details md5 3 
b4e6d97dafd9224ed9a547d52c26ce02
Details md5 4 
b14d8faf7f0cbcfad051cefe5f39645f
Details Url 1 
https://github.com/smartinm/diskcryptor/blob/master/boot/vc2008_src/asm/stage1.asm#l25
Details Url 2 
https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back
Details Url 1 
https://speakerdeck.com/hshrzd/notpetya-the-analysis-of-the-mysterious-malware-which-has-attacked-ukraine
Details Url 28 
https://hshrzd.wordpress.com