BadRabbit: virus called a modified version of NotPetya
MOSCOW, 25 Jul — RIA Novosti. The encrypting virus Bad Rabbit, which attacked Russian media and Ukrainian companies on Tuesday, is a modified version of the NotPetya virus, which hit the IT systems of organizations in several countries in June. This was reported on the website of Group-IB, a company that specializes in cybercrime investigations.
“The analysis found that BadRabbit is a modified version of NotPetya with bug fixes in the encryption algorithm. The BadRabbit code includes parts that repeat NotPetya,” experts say.
The report notes that coincidences in the code point to a link between the BadRabbit attack and the earlier NotPetya attack. In the current attack, the number of process names being searched for has changed, and the function that computes the hash was compiled by the compiler as a separate function.
The source of the spread of the virus
Group-IB specialists have identified the domain name from which the spread of the virus began. The experts found that the IP address of the domain distributing the malicious software is associated with five resources whose owners have many other sites, including farm programs.
“The investigation showed that the malware was distributed from the resource 1dnscontrol.com. The domain name 1dnscontrol.com has the IP 18.104.22.168,” the message on the company's website says.