Delaware, USA – October 25, 2017 – Bad Rabbit Detector for ArcSight, QRadar and Splunk is released. You can download this SIEM use case for free from Use Case Cloud. It contains all known Indicators of Compromise to detect the malicious activity of the Bad Rabbit ransomware worm.
This threat was used to commit cyber-attacks on multiple organizations worldwide on October 24, 2017. Bad Rabbit is an advanced ransomware that leverages the Mimikatz tool for Credential Dumping, and SMB shares and WMI for Lateral Movement. Bad Rabbit is delivered via phishing emails or compromised websites that offer to install a fake Flash Player update. Since the attack has worm capabilities and spreads quickly, it is highly advised to deploy proactive threat detection controls in SIEM technologies and to deploy temporary vaccination configurations on Windows host systems. You can find more information about this threat in the article on our blog.
Get use case for ArcSight – https://ucl.socprime.com/use-case-library/info/469/
Get use case for QRadar – https://ucl.socprime.com/use-case-library/info/470/
Get use case for Splunk – https://ucl.socprime.com/use-case-library/info/471/