{
	"id": "e118c654-21b5-4d4d-926a-ff00abcea3a4",
	"created_at": "2026-04-06T00:06:31.090751Z",
	"updated_at": "2026-04-10T13:11:53.945761Z",
	"deleted_at": null,
	"sha1_hash": "7139a4a25d0f5701f0451e01fa0e615c2c3f8391",
	"title": "BadRabbit Ransomware, Linked to NotPetya Outbreak, Sweeps Russia and Ukraine",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2574647,
	"plain_text": "BadRabbit Ransomware, Linked to NotPetya Outbreak, Sweeps\r\nRussia and Ukraine\r\nBy Andy Greenberg\r\nPublished: 2017-10-24 · Archived: 2026-04-05 15:50:48 UTC\r\n\"BadRabbit,\" linked to the authors of NotPetya, hits hundreds of victims, including subways, an airport, and\r\nmedia firms.\r\nGetty Images\r\nJust four months ago, a massive ransomware attack known as NotPetya ripped through Ukraine, Russia, and some\r\nmultinational companies, infecting thousands of networks and eventually causing hundreds of millions of dollars\r\nin damages. Now, an apparent aftershock of that attack is reverberating through the region, as a new variant of that\r\ncode locks up hundreds of machines and handicaps infrastructure.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/\r\nPage 1 of 3\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nhttps://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/\r\nPage 2 of 3\n\nAndy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author\r\nof the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New\r\nEra of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nSource: https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/\r\nhttps://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/"
	],
	"report_names": [
		"badrabbit-ransomware-notpetya-russia-ukraine"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775433991,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7139a4a25d0f5701f0451e01fa0e615c2c3f8391.pdf",
		"text": "https://archive.orkl.eu/7139a4a25d0f5701f0451e01fa0e615c2c3f8391.txt",
		"img": "https://archive.orkl.eu/7139a4a25d0f5701f0451e01fa0e615c2c3f8391.jpg"
	}
}