Jump to content

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread


hacker7

Recommended Posts

 

 

 


 


 



 
 


 
 


 


 

Source
Link to comment
Share on other sites

  • Replies 35
  • Views 1.8k
  • Created
  • Last Reply

and people say Kaspersky  the bad ones

this is the same things Kaspersky  flag but is bad of Kaspersky  for stoping things like this  crazy people

 

 

Kaspersky is stoping there own hackers seems funny  they hackers or not ?

https://www.kaspersky.co.uk/resource-center/threats/blackenergy

not russia do not make the :o

Link to comment
Share on other sites

9 hours ago, knowledge said:

 

 

:clap:

 

Quote

Good article but when u read it they make u believe that Kasper is the only solution ;)

 

 

 

Link to comment
Share on other sites

Quote

Good article but when u read it they make u believe that Kasper is the only solution

 

its not what i mean i mean usa say Kaspersky  used hackers to get nsa files

but y Kaspersky  show  what the so called russian hackers are doing and how ?

Kaspersky is stoping there own hackers  ok if people say so must be right lol

 

but say it was part with NSA Exploit  so nsa again

Link to comment
Share on other sites

Quote

but say it was part with NSA Exploit  so nsa again

 

They only Uses Leaked 'EternalRomance' NSA Exploit to Spread.

And even though it's targeting Russia amogst others but it's hard to believe ;)

 

NSA is smarter then using it's own leaked Eternal to Specially attack Russia.

 

And the Kasper thing already had discussion abt before but still unclear in many ways.

Link to comment
Share on other sites

9 hours ago, 0bin said:
  Reveal hidden contents

 

Spoiler

???

 

Link to comment
Share on other sites

It's may be unknown yes! but it's obviously at the same time

Link to comment
Share on other sites

7 minutes ago, 0bin said:

I think that the election wasn't hacked. Instead people made their choice.

Now many people don't like Trump and give responsability to hackers,

is not right

no u is wrong russian hacked it all  and putin  did it all:o

 

Link to comment
Share on other sites

Quote

no u is wrong russian hacked it all  and putin  did it all:o

:tooth:

Quote

 

I doubt,

the only interest of Putin is keeping peace, in an already on the war edge world.

Is one of the more rational country leader I know, and would never do that.

 

I don't believe that they hacked the election latterly but for sure they did manipulate the Media.! read abt  ''UK and fb*

Link to comment
Share on other sites

if u not like the videos u are died inside  its what best real proof u have putin did it all  he is so good like james bond

Link to comment
Share on other sites

9 hours ago, 0bin said:

The social media manipulate people, you have a right example on this site with the Like button or the Ugly face button or the smile button.

People think good, bad, or be happy or sad because of a face :):(

 

I doubt is Russian, instead I think is inside country job.

Yes there is some truth in ur words cuz the big  head banks wannat trump to win as well but they were not enough !

and there WHERE the RUSSIAN PART of mission CAME IN!

Link to comment
Share on other sites

1 minute ago, 0bin said:

If you can proof me that Russian Hackers did it, I will believe you, and you must proof also that they were sponsored actors of Kremlin.

 

I doubt you will be able to proof anything, and I suggest is better avoid dig too much, sometime there is the WhiteRabbit at the end of the tunnel.

Follow the White Rabbit  will take u to good place  for sure

Link to comment
Share on other sites

2 minutes ago, 0bin said:

Not sure? :) Sometime is better mind own business.

 

I think following the white rabbit take me UnderGround, in a specific way.

no following the white rabbit  will take u to the real truth not made up things

Link to comment
Share on other sites

9 hours ago, 0bin said:

the truth only the people who created this climate and their commisioner know.

 

then maybe no need for discussion or news or any thing at !

Maybe we just follow their unknown truth instead .?

 

Link to comment
Share on other sites

9 hours ago, 0bin said:

Use scientific method, and don't trust anyone are the best tools you have. No need to listen anyone.

i don't believe All what i   listen or read!

Quote

Is what I will want, if I create a fake news.

So you are saying all news are fake,?

 

Are u the new Trump in here.?:tooth:

Link to comment
Share on other sites

Slow down guys, you are filling the XKS drives up with your drivel. :D

Link to comment
Share on other sites

9 hours ago, straycat19 said:

Slow down guys, you are filling the XKS drives up with your drivel. :D

lol  I believe  they call that passion .

to hell with XKS:cheers:

Link to comment
Share on other sites

Hop on, Average Rabbit: Latest extortionware menace flopped

 

The buck stops… somewhere in Ukraine, Turkey, Japan?

 

As the dust settles from Tuesday’s Bad Rabbit ransomware outbreak, it’s already clear that it is far less severe than the WannaCrypt and NotPetya infections from earlier this year.

 
Bad Rabbit claimed notable victims including the media agency Interfax and was largely contained in Russia and Ukraine, as previously reported.

 

According to ESET, 65 per cent of the victims are in Russia, 12.2 per cent in Ukraine. The nasty also hit some other Eastern European countries as well as Turkey and Japan.

 

Bad Rabbit spread from a network of compromised websites set up by the hackers in preparation for the attack. The dropper, which posed as a Flash Player installer, was downloaded by users when they visited infected websites through a drive-by download (a common hacker tactic). Carrier websites included argumentiru[.]com, which covers current affairs, news and celebrity gossip in Russia and its neighbours, among several others.

 

Bad Rabbit also attempted to spread to other machines on the same network using worm-like functionality.

 

Like NotPetya, Bad Rabbit made use of a custom version of the Mimikatz password recovery tool as well as SMB network shares to spread across machines on the same network.

 

Security experts found that Bad Rabbit did not use EternalBlue – the stolen and leaked NSA-created exploit previously abused by both NotPetya and WannaCry – to spread. Instead it relies on local password dumps, as well as a list of common passwords, in attempts to hop from an infected machine to other Windows PCs.

 

Once executed, the malicious code acted like a traditional ransomware, encrypting files before demanding a ransom to decrypt them – a relatively modest 0.05 BTC (around $280).

 

Infection attempts ceased and attacker infrastructure – both 1dnscontrol[.]com, the dropper delivery site, and sites containing the rogue code – were taken offline around six hours after the ransomware began spreading, according to a count by researchers at Cisco Talos.

 

Since Russia was the origin of the attack, by the time the US had woken up it had already been blocked by signature-based antivirus and identified by products that relied on generic or behaviour-based malware detection.

 

CrowdStrike’s analysis found that Bad Rabbit and NotPetya DLL (Dynamic Link Library) share 67 per cent of the same code, prompting speculation that the same group might be behind both attacks. This attribution is sketchy, at best. Bad Rabbit is similar to NotPetya in that it is also based on the earlier Petya ransomware. Major portions of the code appear to have been rewritten.

 

Recovery of infected machines might be difficult but not impossible. Some experts reason that the intent may have been disruption rather than the profit-making cybercrime associated with ransomware strains such as Locky.

 

“Bad Rabbit appears to be a disruption campaign designed to look like a ransomware campaign, similar to NotPetya and WannaCry,” commented Allan Liska, senior solutions architect at threat intel outfit Recorded Future.

 

Bootnote

 

The hackers behind the ransomware seem to be fans of Game of Thrones as the source code contains references to dragons from the popular TV series (Drogon, Rhaegal and Viserion). The as-yet unidentified crooks also allude to a human character, “GrayWorm”, as the product name for the .exe file.

 

http://gearsofbiz.com/hop-on-average-rabbit-latest-extortionware-menace-flopped/157252

Link to comment
Share on other sites

According to ESET, 65 per cent of the victims are in Russia, 12.2 per cent in Ukraine. The nasty also hit some other Eastern European countries as well as Turkey and Japan.

so was  not russia doing this

Link to comment
Share on other sites

Quote

Security experts found that Bad Rabbit did not use EternalBlue – the stolen and leaked NSA-created exploit previously abused by both NotPetya and WannaCry – to spread. Instead it relies on local password dumps, as well as a list of common passwords, in attempts to hop from an infected machine to other Windows PCs.

So the news in first page wasn't correct and NSA exploit had nothing to do with it .?

 

 

Quote

CrowdStrike’s analysis found that Bad Rabbit and NotPetya DLL (Dynamic Link Library) share 67 per cent of the same code, prompting speculation that the same group might be behind both attacks. This attribution is sketchy, at best. Bad Rabbit is similar to NotPetya in that it is also based on the earlier Petya ransomware. Major portions of the code appear to have been rewritten.

And it was indeed the same Russian GROUP 

:cheers:

 

 

Quote

Since Russia was the origin of the attack, by the time the US had woken up it had already been blocked by signature-based antivirus and identified by products that relied on generic or behaviour-based malware detection.

sEEM suspicious this part :rolleyes:@steven36

Link to comment
Share on other sites

17 minutes ago, hacker7 said:

And it was indeed the same Russian GROUP 

Unless  there is any proof of this it is totally speculation .

 

17 minutes ago, hacker7 said:

sEEM suspicious this part

Same thing happen with wantacry hardly no one in the USA hardly got infected ..  ransomware and malware  outbreaks happen all the time in the USA  most witch are for profit  it just depends  of  were the hacker attacks  1st  were  the most get infected and how fast vendors get the signatures .

 

Stop trying to make malware topics about  politics  and conspiracy theories  there is enough of this in the news already :lol:

Link to comment
Share on other sites

CrowdStrike’ lies all the time and have proof they lied about russian hacking befor

 

Link to comment
Share on other sites

9 minutes ago, knowledge said:

CrowdStrike’ lies all the time and have proof they lied about russian hacking befor

Always security firms try too blame on it somebody.. but in this day in age were  they use TOR and VPNs  they cant never  confirm  these hackers real location   . If they could get there real IP they would stop them. but they hardly  catch any hackers a group like this is just doing this for shits and giggles  too stir up  crap.  the old skool  way and not for profit would try too make people think they from some place they are  not .

Link to comment
Share on other sites

9 hours ago, steven36 said:

Unless  there is any proof of this it is totally speculation .

 

Same thing happen with wantacry hardly no one in the USA hardly got infected ..  ransomware and malware  outbreaks happen all the time in the USA  most witch are for profit  it just depends  of  were the hacker attacks  1st  were  the most get infected and how fast vendors get the signatures .

 

 

 

So if you would or had to speculate.? is it hard to believe that it's the same Russian hacker group attacking their own country and others to?B)

 

 

Quote

Stop trying to make malware topics about  politics  and conspiracy theories  there is enough of this in the news already :lol:

:ph34r:                                                                                                                                           

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...