:: CAUTION ::
bin.tar is a compressed file containing suspect BadRabbit binary files. Use with caution.
BadRabbit .onion payment site: caforssztxqzf2nm.onion
/index.html - main page
/js/all_js.js - obf javascript attached to index.html
- plaintextpayload.js (possible clear text version of above)
/js/all_lib.js - standard bootstrap and json JS
/js/all_js.js contained a website link / IP address:
http://185.149.120.3/scholargoogle/
BadRabbit dropper site:
A source[1] describes binary files making calls to this website
http://1dnscontrol[.]com/flash_install.php
Sources: [1] https://securelist.com/bad-rabbit-ransomware/82851/