Software: Bad Rabbit, Diskcoder.D
Software | Bad Rabbit, Diskcoder.D |
---|---|
ID | S0005 |
Aliases | Bad Rabbit, Diskcoder.D |
Type | Malware |
Bad Rabbit is a self-propagating (“wormable”) ransomware that affected the transportation sector in Ukraine. [1]
Techniques Used
- Drive-by Compromise - Bad Rabbit ransomware spreads through drive-by attacks in which insecure websites are compromised. While the target is visiting a legitimate website, a malware dropper is downloaded from the threat actor’s infrastructure. [2]
- Exploitation of Remote Services - Bad Rabbit initially infected IT networks, then spread to industrial networks by means of an exploit (particularly the SMBv1-targeting MS17-010 vulnerability). [3]
- Lateral Tool Transfer - Bad Rabbit can move laterally through industrial networks by means of the SMB service. [3]
- Loss of Productivity and Revenue - According to media reports, several transportation organizations in Ukraine were infected by Bad Rabbit, resulting in some computers being encrypted. [1]
- User Execution - Bad Rabbit is disguised as an Adobe Flash installer. When the file is opened, it starts locking the infected computer. [2]
References