{ "Event": { "analysis": "0", "date": "2017-10-24", "extends_uuid": "", "info": "OSINT - Bad Rabbit ransomware", "publish_timestamp": "1508922265", "published": true, "threat_level_id": "3", "timestamp": "1508922261", "uuid": "59f0462f-41d4-47b4-9e1b-4a07950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Bad Rabbit\"" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#2c4f00", "name": "malware_classification:malware-category=\"Ransomware\"" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#0088cc", "name": "misp-galaxy:preventive-measure=\"Backup and Restore Process\"" }, { "colour": "#0088cc", "name": "misp-galaxy:preventive-measure=\"Restrict Workstation Communication\"" } ], "Attribute": [ { "category": "Network activity", "comment": "The ransomware dropper is distributed from", "deleted": false, "disable_correlation": false, "timestamp": "1508918921", "to_ids": true, "type": "url", "uuid": "59f04689-1d08-4780-b433-4e4e950d210f", "value": "http://1dnscontrol.com/flash_install.php" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508919089", "to_ids": false, "type": "link", "uuid": "59f04703-4f20-4b4c-9655-4e01950d210f", "value": "https://securelist.com/bad-rabbit-ransomware/82851/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508919222", "to_ids": false, "type": "comment", "uuid": "59f047b0-776c-49a7-82e5-4594950d210f", "value": "On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit.\nIt has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine.", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "Payload delivery", "comment": "downloaded file", "deleted": false, "disable_correlation": false, "timestamp": "1508919379", "to_ids": true, "type": "filename", "uuid": "59f04853-d364-4c70-a966-496c950d210f", "value": "install_flash_player.exe" }, { "category": "Payload delivery", "comment": "malicious DLL", "deleted": false, "disable_correlation": false, "timestamp": "1508919380", "to_ids": true, "type": "filename", "uuid": "59f04854-ee44-43a7-add1-48e2950d210f", "value": "%WINDIR%\\infpub.dat" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508919704", "to_ids": true, "type": "filename", "uuid": "59f04998-0774-4f90-93ec-42a9950d210f", "value": "dispci.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508919789", "to_ids": true, "type": "filename", "uuid": "59f049ed-6f9c-4994-b4a2-466c950d210f", "value": "%WINDIR%\\cscc.dat" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508919835", "to_ids": true, "type": "url", "uuid": "59f04a1b-b1ac-4bdb-9771-45ff950d210f", "value": "http://1dnscontrol.com/" }, { "category": "Payload delivery", "comment": "install_flash_player.exe", "deleted": false, "disable_correlation": false, "timestamp": "1508919835", "to_ids": true, "type": "md5", "uuid": "59f04a1b-9ee4-4318-a764-49df950d210f", "value": "fbbdc39af1139aebba4da004475e8839" }, { "category": "Payload delivery", "comment": "C:\\Windows\\infpub.dat", "deleted": false, "disable_correlation": false, "timestamp": "1508919835", "to_ids": true, "type": "md5", "uuid": "59f04a1b-4228-4582-ad70-48b4950d210f", "value": "1d724f95c61f1055f0d02c2154bbccd3" }, { 
"category": "Payload delivery", "comment": "C:\\Windows\\dispci.exe", "deleted": false, "disable_correlation": false, "timestamp": "1508919835", "to_ids": true, "type": "md5", "uuid": "59f04a1b-5400-4fbd-8027-476b950d210f", "value": "b14d8faf7f0cbcfad051cefe5f39645f" } ] } }