We’re seeing relevant activity on our platform related to Bad Rabbit ransomware. If you’re interested in enrichment data, look no further.
What we know:
• On Tuesday, the security community began tracking a new outbreak of ransomware called BadRabbit. This ransomware has infected hundreds of computers—mostly in Russia, but with some victims in Ukraine, Turkey, Bulgaria, and Germany—according to security firms including ESET and Kaspersky.
• Researchers are seeing similarities between BadRabbit and Petya/NotPetya, even though the infection vector is different. The outbreak remains only a small fraction of the size of the NotPetya epidemic.
What we’re seeing on TruSTAR:
• A number of reports with IOCs and context for BadRabbit are now available on TruSTAR.
• As more information becomes available, we will be tracking any overlap between NotPetya infrastructure and BadRabbit.
What you can do:
• Log in to TruSTAR and download IOCs from BadRabbit submissions.
• You can also search for “BadRabbit” to view reports related to this campaign and download associated IOCs.
• Follow a BadRabbit report and get notified of additional activity.
We’re collecting more IOCs and relevant context on a daily basis. Submit reports and update them regularly to enhance contextual data. Don’t hesitate to reach out to the TS Responder team with questions or concerns. We’ll be watching closely.