Threat Alert: #BadRabbit Correlations & Enrichment on TruSTAR

We’re seeing relevant activity on our platform related to Bad Rabbit ransomware. If you’re interested in enrichment data, look no further.

What we know:

On Tuesday, the security community began tracking a new outbreak of ransomware called BadRabbit. This ransomware has infected hundreds of computers—mostly in Russia, but with some victims in Ukraine, Turkey, Bulgaria, and Germany—according to security firms including ESET and Kaspersky.

• Researchers are seeing similarities between BadRabbit and Petya/NotPetya, even though the infection vector is different. The outbreak remains only a small fraction of the size of the NotPetya epidemic.

What we’re seeing on TruSTAR:

• A number of reports with IOCs and context for BadRabbit are now available on TruSTAR.

• As more information becomes available, we will be tracking any overlap between NotPetya infrastructure and BadRabbit.


What you can do:

• Log in to TruSTAR and download IOCs from BadRabbit submissions.

• You can also search for “BadRabbit” to view reports related to this campaign and download associated IOCs.

• Follow a BadRabbit report and get notified of additional activity. 

We’re collecting more IOCs and relevant context on a daily basis. Submit reports and update them regularly to enhance contextual data. Don’t hesitate to reach out to the TS Responder team with questions or concerns. We’ll be watching closely.
