Threat Alert: #BadRabbit Correlations & Enrichment on TruSTAR

We’re seeing relevant activity on our platform related to Bad Rabbit ransomware. If you’re interested in enrichment data, look no further.

What we know:

On Tuesday, the security community began tracking a new outbreak of ransomware called BadRabbit. This ransomware has infected hundreds of computers—mostly in Russia, but with some victims in Ukraine, Turkey, Bulgaria, and Germany—according to security firms including ESET and Kaspersky.

• Researchers are seeing similarities between BadRabbit and Petya/NotPetya, even though the infection vector is different. The outbreak remains only a small fraction of the size of the NotPetya epidemic.

What we’re seeing on TruSTAR:

• A number of reports with IOCs and context for BadRabbit are now available on TruSTAR.

• As more information becomes available, we will be tracking any overlap between NotPetya infrastructure and BadRabbit.


What you can do:

• Log in to TruSTAR and download IOCs from BadRabbit submissions.

• You can also search for “BadRabbit” to view reports related to this campaign and download associated IOCs.

• Follow a BadRabbit report and get notified of additional activity.

We’re collecting more IOCs and relevant context on a daily basis. Submit reports and update them regularly to enhance contextual data. Don’t hesitate to reach out to the TS Responder team with questions or concerns. We’ll be watching closely.
