BadRabbit - Ukrainian Metro, Airport hit with ransomware

released on 2017-10-24 @ 03:36:37 PM
BadRabbit is distributed as a fake Flash update and reportedly uses Mimikatz, the EternalRomance exploit, and a list of passwords to spread via SMB in a worm-like fashion. So far the damage does not seem as widespread as WannaCry or NotPetya.

Thanks to Bulwarkz for additional forensic analysis:

- Clears the Windows event log
- Clears the journal log
- Drops executables to the Windows directory and starts them
- Shows the ability to spread by using its contained functionality to enumerate network shares of other (attached) devices
- Uses shutdown.exe to shut down or reboot the system
- Contains functionality to register a low-level keyboard hook
- Contains functionality to infect the boot sector

Dropped files appear to be kernel-level keyloggers.
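One way to hunt for several of the behaviours listed above in process-creation logs, as an added example that is not from the article or the cited analysis. The `wevtutil` and `fsutil` command lines, the allowlist, the host names, the file name `dropped_placeholder.exe` and the sample events are assumptions constructed for illustration; only `shutdown.exe` is named on the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command-line patterns for three listed behaviours. wevtutil/fsutil are
# assumed ways of clearing the event log and the journal; the page names neither.
CMD_RULES = {
    "event_log_cleared": re.compile(r'\bwevtutil(\.exe)?"?\s+(cl|clear-log)\b', re.I),
    "journal_cleared": re.compile(r'\bfsutil(\.exe)?"?\s+usn\s+deletejournal\b', re.I),
    "shutdown_or_reboot": re.compile(r'\bshutdown(\.exe)?"?\s.*?[/-][rs]\b', re.I),
}
# Binaries expected directly under C:\Windows (assumed baseline, tune per image).
KNOWN_WINDOWS_ROOT = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}

def behaviours(event):
    """Return the listed behaviours that one process-creation event matches."""
    hits = {name for name, rx in CMD_RULES.items() if rx.search(event["cmdline"])}
    m = re.fullmatch(r"c:\\windows\\([^\\]+\.exe)", event["image"], re.I)
    if m and m.group(1).lower() not in KNOWN_WINDOWS_ROOT:
        hits.add("exe_started_from_windows_dir")
    return hits

def correlate(events, window=timedelta(minutes=15), threshold=3):
    """Flag hosts showing >= threshold distinct behaviours inside one window."""
    per_host = defaultdict(list)
    for e in sorted(events, key=lambda x: x["time"]):
        for b in behaviours(e):
            per_host[e["host"]].append((e["time"], b))
    alerts = {}
    for host, seen in per_host.items():
        for start, _ in seen:
            inside = {b for t, b in seen if start <= t <= start + window}
            if len(inside) >= threshold:
                alerts[host] = sorted(inside)
                break
    return alerts

T0 = datetime(2017, 10, 24, 12, 0)
def ev(host, minutes, image, cmdline):
    return {"host": host, "time": T0 + timedelta(minutes=minutes),
            "image": image, "cmdline": cmdline}

SAMPLE = [  # constructed events, not taken from the page
    ev("WS01", 0, r"C:\Windows\dropped_placeholder.exe", r"C:\Windows\dropped_placeholder.exe"),
    ev("WS01", 1, r"C:\Windows\System32\wevtutil.exe", "wevtutil cl Security"),
    ev("WS01", 1, r"C:\Windows\System32\fsutil.exe", "fsutil usn deletejournal /D C:"),
    ev("WS01", 9, r"C:\Windows\System32\shutdown.exe", "shutdown.exe /r /t 0 /f"),
    ev("WS02", 3, r"C:\Windows\System32\shutdown.exe", "shutdown /r /t 60"),
    ev("WS02", 4, r"C:\Windows\notepad.exe", "notepad.exe"),
]
if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Requiring several distinct behaviours on one host within a short window keeps a lone administrative reboot (WS02 in the sample) from alerting.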