BadRabbit malware

Another day, another supposedly large scale malware attack. This time it’s called BadRabbit.

2017-10-25 : Detection methods (Windows events)
2017-10-25 : YARA rules
2017-10-25 : Removed spreading via Eternalblue
2017-10-25 : Removed Petya link

Based on the information from ESET, the malware targets:

transportation organizations
governmental organizations
media outlets
Russia
fewer attacks in Ukraine, Turkey and Germany

The malware is delivered via a fake Adobe Flash update (drive-by attack)

hxxp://1dnscontrol.com/flash_install.php (block this URL)
hxxp://1dnscontrol.com/install_flash_player.exe (block …