
SANS ISC: InfoSec Handlers Diary Blog


BadRabbit: New ransomware wave hitting RU & UA

Published: 2017-10-24
Last Updated: 2017-10-24 16:09:36 UTC
by Xavier Mertens (Version: 1)

About 2 hours ago, reports started to come in about a new ransomware wave hitting the RU media agency Interfax, but it is extending to others in both RU and UA.

It seems to be delivered via a malicious URL as a fake Flash update, and then uses EternalBlue and Mimikatz for lateral movement and further spreading.


Discoder/#BadRabbit IOCs as found by ESET:

There is still a lot of speculation, though, as the analysis is at an early stage; more needs to come. At least it's not Friday!

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
