Bad Rabbit

Malware updated 22 days ago (2024-11-29T14:05:05.989Z)
Download STIX
Preview STIX
Bad Rabbit is a notorious malware that emerged in October 2017, primarily targeting corporate networks. It operates as ransomware, encrypting the victim's files and disk while offering a means of decryption for a ransom. The malicious software uses fake Adobe Flash installer advertisements to lure victims, exploiting the EternalBlue vulnerability and encrypting the Master Boot Record (MBR) similar to Petya, another infamous malware. Unlike ExPetr, however, Bad Rabbit was not designed as a wiper, meaning it does not aim to permanently delete or make data unrecoverable. Code analysis revealed notable similarities between ExPetr and Bad Rabbit binaries, indicating a potential link in their development or operation. The Cybereason Nocturnus Team was at the forefront of countermeasures against this cyber threat, releasing the first vaccination for the 2017 NotPetya and Bad Rabbit cyberattacks. This proactive response provided a critical defense mechanism to help mitigate the impact of these attacks. In the case of Bad Rabbit, the malware algorithm suggests that the threat actors possess the technical capability to decrypt the password necessary for disk decryption, further emphasizing the importance of such defensive measures. Bad Rabbit has been linked to several other ransomware variants, including GandCrab, LockBit 2.0, and STOP/DJVU, as well as multiple malware samples like BankBot, Dreambot, Godzilla, Gozi ISFB, Nymaim, Pony Loader, Privateloader, and SmokeLoader. The threat actor also employs fast flux on infected computers in regions such as Asia, Africa, and the Middle East, which makes blocking content difficult due to constantly changing IP addresses. These associations and tactics underscore the broad reach and evolving complexity of the Bad Rabbit malware.
Description last updated: 2024-05-04T18:03:47.541Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
NotPetya is a possible alias for Bad Rabbit. NotPetya is a destructive malware that posed as ransomware, causing significant global damage in 2017. Despite its appearance as ransomware, NotPetya was not designed to extort money but rather to destroy data and disrupt operations, particularly targeting Ukraine's infrastructure. NotPetya was attr
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.