secresearcher

BadRabbit IOCs

Oct 24th, 2017
BadRabbit IOCs

Onion site for payment : hXXp://caforssztxqzf2nm[.]onion
Payload Delivery URL : hXXp://1dnscontrol[.]com/flash_install.php

The following are the compromised sites:

hxxp://argumentiru[.]com
hxxp://www.fontanka[.]ru
hxxp://grupovo[.]bg
hxxp://www.sinematurk[.]com
hxxp://www.aica.co[.]jp
hxxp://spbvoditel[.]ru
hxxp://argumenti[.]ru
hxxp://www.mediaport[.]ua
hxxp://blog.fontanka[.]ru
hxxp://an-crimea[.]ru
hxxp://www.t.ks[.]ua
hxxp://most-dnepr[.]info
hxxp://osvitaportal.com[.]ua
hxxp://www.otbrana[.]com
hxxp://calendar.fontanka[.]ru
hxxp://www.grupovo[.]bg
hxxp://www.pensionhotel[.]cz
hxxp://www.online812[.]ru
hxxp://www.imer[.]ro
hxxp://novayagazeta.spb[.]ru
hxxp://i24.com[.]ua
hxxp://bg.pensionhotel[.]com
hxxp://ankerch-crimea[.]ru

Hashes:
- de5c8d858e6e41da715dca1c019df0bfb92d32c0 (installflashplayer.exe)
- 79116fe99f2b421c52ef64097f0f39b815b20907 (infpub.dat) - possible vaccination similar to Petya (perfc.dat): this file can be created on the system to (likely) stop the infection - https://twitter.com/0xAmit/status/922911491694694401
- 2d963fcd2c6bcba05735a88ea4cbf6fd5f89a21c (infpub.dat)
- afeee8b4acff87bc469a6f0364a81ae5d60a2add (dispci.exe)

Uses its own SMB discovery and Mimikatz-like modules:
- https://www.hybrid-analysis.com/sample/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93?environmentId=100

Vendor Detections:
- https://success.trendmicro.com/solution/1118637

Blogs:

- https://www.hybrid-analysis.com/sample/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93?environmentId=100
- http://blog.talosintelligence.com/2017/10/bad-rabbit.html
- https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/

HA analysis:
- https://www.hybrid-analysis.com/sample/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93?environmentId=100
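The IOCs above are defanged (hxxp://, [.]), so they cannot be compared to real traffic or hash exports without refanging. The script below is an added example, not part of the paste: it refangs the listed URLs and hashes, then checks them against a handful of constructed proxy log lines and a constructed list of observed SHA1 values. The log format and all sample values other than the IOCs themselves are assumptions made for the example; the payload download is reported separately from plain visits to the compromised sites, since the latter only mean a user reached a site that was serving the fake Flash prompt.

```python
"""Refang the BadRabbit IOCs from the paste and match them against proxy logs
and file hashes. Added example; every log line and non-IOC value is constructed."""
import re
from urllib.parse import urlparse

# IOCs copied verbatim from the paste, kept defanged so the list stays safe to share.
PAYLOAD_URL = "hXXp://1dnscontrol[.]com/flash_install.php"
PAYMENT_ONION = "hXXp://caforssztxqzf2nm[.]onion"
COMPROMISED_SITES = [
    "hxxp://argumentiru[.]com", "hxxp://www.fontanka[.]ru", "hxxp://grupovo[.]bg",
    "hxxp://www.sinematurk[.]com", "hxxp://www.aica.co[.]jp", "hxxp://spbvoditel[.]ru",
    "hxxp://argumenti[.]ru", "hxxp://www.mediaport[.]ua", "hxxp://blog.fontanka[.]ru",
    "hxxp://an-crimea[.]ru", "hxxp://www.t.ks[.]ua", "hxxp://most-dnepr[.]info",
    "hxxp://osvitaportal.com[.]ua", "hxxp://www.otbrana[.]com",
    "hxxp://calendar.fontanka[.]ru", "hxxp://www.grupovo[.]bg",
    "hxxp://www.pensionhotel[.]cz", "hxxp://www.online812[.]ru", "hxxp://www.imer[.]ro",
    "hxxp://novayagazeta.spb[.]ru", "hxxp://i24.com[.]ua", "hxxp://bg.pensionhotel[.]com",
    "hxxp://ankerch-crimea[.]ru",
]
KNOWN_SHA1 = {
    "de5c8d858e6e41da715dca1c019df0bfb92d32c0": "installflashplayer.exe",
    "79116fe99f2b421c52ef64097f0f39b815b20907": "infpub.dat",
    "2d963fcd2c6bcba05735a88ea4cbf6fd5f89a21c": "infpub.dat",
    "afeee8b4acff87bc469a6f0364a81ae5d60a2add": "dispci.exe",
}


def refang(ioc):
    """Undo hxxp:// and [.] defanging so the value can be compared with real traffic."""
    return re.sub(r"(?i)^hxxp", "http", ioc.replace("[.]", "."))


def hostname(url):
    return (urlparse(url).hostname or "").lower()


PAYLOAD_HOST = hostname(refang(PAYLOAD_URL))
PAYLOAD_PATH = urlparse(refang(PAYLOAD_URL)).path
WATCHED_HOSTS = {hostname(refang(u)) for u in COMPROMISED_SITES}
WATCHED_HOSTS.add(hostname(refang(PAYMENT_ONION)))

URL_RE = re.compile(r"https?://[^\s\"']+")


def classify_url(url):
    """Return 'payload', 'payload-host', 'compromised-site' or None for one observed URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host == PAYLOAD_HOST:
        return "payload" if parsed.path == PAYLOAD_PATH else "payload-host"
    if host in WATCHED_HOSTS:
        return "compromised-site"
    return None


def scan_log(lines):
    """Return (line_number, kind, url) for every URL in the log that matches an IOC."""
    hits = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            kind = classify_url(url)
            if kind:
                hits.append((number, kind, url))
    return hits


def match_hashes(observed):
    """Map each observed SHA1 (any case) that is in the IOC list to its file name."""
    return {h.lower(): KNOWN_SHA1[h.lower()] for h in observed if h.lower() in KNOWN_SHA1}


# Constructed Squid-style access log lines; hosts and addresses are assumptions.
SAMPLE_LOG = [
    "1508838125.114    201 10.20.0.15 TCP_MISS/200 48213 GET http://www.fontanka.ru/ - HIER_DIRECT/203.0.113.10 text/html",
    "1508838131.902    144 10.20.0.15 TCP_MISS/200 415744 GET http://1dnscontrol.com/flash_install.php - HIER_DIRECT/203.0.113.20 application/octet-stream",
    "1508838140.007     88 10.20.0.22 TCP_MISS/200 9120 GET http://example.org/news/ - HIER_DIRECT/203.0.113.30 text/html",
    "1508838150.311     60 10.20.0.15 TCP_MISS/200 2200 GET http://1dnscontrol.com/ - HIER_DIRECT/203.0.113.20 text/html",
]
# Constructed hash export: one IOC hash in upper case plus one unrelated value.
SAMPLE_HASHES = ["AFEEE8B4ACFF87BC469A6F0364A81AE5D60A2ADD",
                 "0000000000000000000000000000000000000000"]

if __name__ == "__main__":
    for number, kind, url in scan_log(SAMPLE_LOG):
        print(f"line {number}: {kind}: {url}")
    print(match_hashes(SAMPLE_HASHES))
```

A hit of kind `payload` on the `flash_install.php` path is the one that warrants pulling the host for the dropper hashes above; `compromised-site` hits on their own identify users who were exposed to the fake Flash update prompt and may need follow-up.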