Malware: Bad Rabbit

Description

[Bad Rabbit](https://attack.mitre.org/software/S0606) is a self-propagating ransomware that affected the Ukrainian transportation sector in 2017. [Bad Rabbit](https://attack.mitre.org/software/S0606) has also targeted organizations and consumers in Russia. (Citation: Secure List Bad Rabbit)(Citation: ESET Bad Rabbit)(Citation: Dragos Apr 2019)

External References

• mitre-attack
• Dragos Apr 2019
• ESET Bad Rabbit
• Secure List Bad Rabbit

Techniques Used by This Malware

• T1003.001 — LSASS Memory
• T1036.005 — Match Legitimate Resource Name or Location
• T1053.005 — Scheduled Task
• T1057 — Process Discovery
• T1106 — Native API
• T1110.003 — Password Spraying
• T1135 — Network Share Discovery
• T1189 — Drive-by Compromise
• T1204.002 — Malicious File
• T1210 — Exploitation of Remote Services
• T1218.011 — Rundll32
• T1486 — Data Encrypted for Impact
• T1495 — Firmware Corruption
• T1548.002 — Bypass User Account Control
• T1569.002 — Service Execution

APT Groups Using This Malware

• Sandworm Team