https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1600#M62 Beware of the next Ransomware attack, Bad Rabbit is it's name. Read the article on <A href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Tibbar.A" target="_blank">https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Tibbar.A</A> to see how bit defender prevents te reboot and maybe the encryption process. Thu, 26 Oct 2017 10:12:10 GMT mattheer 2017-10-26T10:12:10Z https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1600#M62 Beware of the next Ransomware attack, Bad Rabbit is it's name. Read the article on <A href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Tibbar.A" target="_blank">https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Tibbar.A</A> to see how bit defender prevents te reboot and maybe the encryption process. Thu, 26 Oct 2017 10:12:10 GMT https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1600#M62 mattheer 2017-10-26T10:12:10Z https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1604#M63 <P>A couple of Researchers&nbsp;also pulling together some information:<BR /><BR /><A href="https://success.trendmicro.com/solution/1118637" target="_blank">https://success.trendmicro.com/solution/1118637</A><BR /><A href="https://blogs.forcepoint.com/insights/forcepoint-statement-bad-rabbit-cyber-attacks" target="_blank">https://blogs.forcepoint.com/insights/forcepoint-statement-bad-rabbit-cyber-attacks</A></P> Thu, 26 Oct 2017 10:18:43 GMT https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1604#M63 artfulbodger 2017-10-26T10:18:43Z https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1609#M64 <P>Some of the&nbsp;domain name and&nbsp;hash&nbsp;values listed below. They need to blocked as much&nbsp;as outer level&nbsp;and hash-values need to be monitored.</P><P><STRONG>&nbsp;</STRONG></P><P><STRONG>Domains:</STRONG></P><P>1dnscontrol.com</P><P><A href="http://diskcryptor.net/" target="_blank">http://diskcryptor.net/</A></P><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>File Hashes:</STRONG></P><P>630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da</P><P>8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93</P><P>afeee8b4acff87bc469a6f0364a81ae5d60a2add</P><P>b14d8faf7f0cbcfad051cefe5f39645f</P><P>de5c8d858e6e41da715dca1c019df0bfb92d32c0</P><P>fbbdc39af1139aebba4da004475e8839</P><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>1- File name:</STRONG></P><P>dispci.exe</P><P>Size&nbsp;&nbsp;&nbsp;&nbsp; 140KiB (142848 bytes)</P><P>MD5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b14d8faf7f0cbcfad051cefe5f39645f</P><P>SHA-1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; afeee8b4acff87bc469a6f0364a81ae5d60a2add</P><P>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93</P><P>File Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Win32 EXE</P><P>Other file names:</P><P>rabbit2.exe</P><P>ddd._exe</P><P>localfile~</P><P>payload_8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93</P><P>8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93.bin</P><P>dsc.exe</P><P>&nbsp;</P><P><STRONG>Imported files:</STRONG></P><P>ADVAPI32.dll</P><P>CRYPT32.dll</P><P>KERNEL32.dll</P><P>NETAPI32.dll</P><P>PSAPI.DLL</P><P>SHLWAPI.dll</P><P>USER32.dll</P><P>ole32.dll</P><P>&nbsp;</P><P><STRONG>Runtime Process</STRONG></P><P>8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93.exe.bin</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>2- File Name</STRONG></P><P>flash_install.php</P><P>FlashUtil.exe</P><P>File size&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 431.54 KB</P><P>MD5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fbbdc39af1139aebba4da004475e8839</P><P>SHA-1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; de5c8d858e6e41da715dca1c019df0bfb92d32c0</P><P>SHA-256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da</P><P>File Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Win32 EXE</P><P>&nbsp;</P><P><STRONG>Other file names:</STRONG></P><P>BadRabbit.exe.virus</P><P>630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da.exe</P><P>630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da.bin</P><P>localfile~</P><P>Discoder BadRabbit RANSOMWARE</P><P>install_flash_player.exe</P><P>&nbsp;</P><P><STRONG>Imported Files:</STRONG></P><P>KERNEL32.dll</P><P>SHELL32.dll</P><P>USER32.dll</P><P>msvcrt.dll</P> Thu, 26 Oct 2017 10:25:52 GMT https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1609#M64 Adeel 2017-10-26T10:25:52Z https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1733#M65 <P>Just a reminder to apply the latest signatures/definitions to your systems. Most products have already covered this threat in their latest update.</P> Sun, 29 Oct 2017 12:33:35 GMT https://community.isc2.org/t5/Threats/Bad-Rabbit/m-p/1733#M65 Jason 2017-10-29T12:33:35Z