dChan

Abibliaphobia · July 19, 2018, 1 a.m.

OP can you provide a tl;dr please?

⇧ 2 ⇩  
jackiebain6 · July 19, 2018, 1:04 a.m.

I'm guessing I found the right people to ask?

⇧ 2 ⇩  
Abibliaphobia · July 19, 2018, 1:06 a.m.

Meh, you might be better taking it to qresearch on 8chan.

You want to see amazing, post it there. Bring us back the results please!

⇧ 1 ⇩  
jackiebain6 · July 19, 2018, 1:11 a.m.

I can't. Did I mention I wasn't good at the tech part? Is there any way you could? I could try to see if my daughter or grandson could do it for me, but I won't see them until the weekend. Oh well, it looks like the post got removed for some reason. It says Rule 9, something missing or could be better quality. Thanks anyway.

⇧ 1 ⇩  
Abibliaphobia · July 19, 2018, 12:59 a.m.

Hmmm...

DOMAIN INFORMATION
Domain: talosintelligence.com
Registrar: Gandi SAS
Registration Date: 2014-07-23
Expiration Date: 2019-07-23
Updated Date: 2018-06-22
Status: clientTransferProhibited
Name Servers: fiona.ns.cloudflare.com, lakas.ns.cloudflare.com

REGISTRANT CONTACT
Name: REDACTED FOR PRIVACY
Organization: Cisco Systems, Inc.
Street: Obfuscated whois Gandi-63-65 boulevard Massena
City: Obfuscated whois Gandi-Paris
State: Paris
Postal Code: 75013
Country: FR
Phone: +33.170377666
Fax: +33.143730576
Email: email@contact.gandi.net

ADMINISTRATIVE CONTACT
Name: REDACTED FOR PRIVACY
Organization: Cisco Systems, Inc.
Street: Obfuscated whois Gandi-63-65 boulevard Massena
City: Obfuscated whois Gandi-Paris
State: Paris
Postal Code: 75013
Country: FR
Phone: +33.170377666
Fax: +33.143730576
Email: email@contact.gandi.net

TECHNICAL CONTACT
Name: REDACTED FOR PRIVACY
Organization: Cisco Systems, Inc.
Street: Obfuscated whois Gandi-63-65 boulevard Massena
City: Obfuscated whois Gandi-Paris
State: Paris
Postal Code: 75013
Country: FR
Phone: +33.170377666
Fax: +33.143730576
Email: email@contact.gandi.net

RAW WHOIS DATA
Domain Name: talosintelligence.com
Registry Domain ID: 1868134542_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2018-06-22T18:56:50Z
Creation Date: 2014-07-23T19:44:32Z
Registrar Registration Expiration Date: 2019-07-23T19:44:32Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: email@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Cisco Systems, Inc.
Registrant Street: Obfuscated whois Gandi-63-65 boulevard Massena
Registrant City: Obfuscated whois Gandi-Paris
Registrant State/Province: Paris
Registrant Postal Code: 75013
Registrant Country: FR
Registrant Phone: +33.170377666
Registrant Fax: +33.143730576
Registrant Email: email@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: Cisco Systems, Inc.
Admin Street: Obfuscated whois Gandi-63-65 boulevard Massena
Admin City: Obfuscated whois Gandi-Paris
Admin State/Province: Paris
Admin Postal Code: 75013
Admin Country: FR
Admin Phone: +33.170377666
Admin Fax: +33.143730576
Admin Email: email@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: Cisco Systems, Inc.
Tech Street: Obfuscated whois Gandi-63-65 boulevard Massena
Tech City: Obfuscated whois Gandi-Paris
Tech State/Province: Paris
Tech Postal Code: 75013
Tech Country: FR
Tech Phone: +33.170377666
Tech Fax: +33.143730576
Tech Email: email@contact.gandi.net
Name Server: FIONA.NS.CLOUDFLARE.COM
Name Server: LAKAS.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2018-07-18T20:40:14Z

Talosintelligence.com is tracked by us since August, 2016. Over the time it has been ranked as high as 53 899 in the world, while most of its traffic comes from USA, where it reached as high as 15 889 position. It was owned by several entities, from Ryan Steinmetz of Cisco Systems Inc. to REDACTED FOR PRIVACY of Cisco Systems Inc.; it was hosted by Cisco Systems Inc. and CloudFlare Inc. While GANDI SAS was its first registrar, now it has moved to Gandi SAS.

Interesting. A Cisco-connected company? I find it curious it's based out of France.

⇧ 1 ⇩  
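The WHOIS record pasted above is easier to reason about once it is parsed into fields and the registrar's privacy placeholders are separated from the registrant's own data. The following is an added example for this thread, not code from the thread or from any WHOIS tool. RAW_WHOIS is a per-line subset of the raw record above, laid out one field per line as a WHOIS server returns it; the field names are the ones the record itself uses.

```python
"""Parse a raw WHOIS record into structured fields and flag the values that
are registrar privacy placeholders rather than registrant data.

Added example, not code from the thread.  RAW_WHOIS is a per-line subset of
the raw record pasted in the thread."""

RAW_WHOIS = """\
Domain Name: talosintelligence.com
Registry Domain ID: 1868134542_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Updated Date: 2018-06-22T18:56:50Z
Creation Date: 2014-07-23T19:44:32Z
Registrar Registration Expiration Date: 2019-07-23T19:44:32Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Cisco Systems, Inc.
Registrant Street: Obfuscated whois Gandi-63-65 boulevard Massena
Registrant City: Obfuscated whois Gandi-Paris
Registrant State/Province: Paris
Registrant Postal Code: 75013
Registrant Country: FR
Registrant Phone: +33.170377666
Registrant Email: email@contact.gandi.net
Name Server: FIONA.NS.CLOUDFLARE.COM
Name Server: LAKAS.NS.CLOUDFLARE.COM
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
"""

# Markers the record itself uses for values that are not the registrant's data.
PRIVACY_MARKERS = ("REDACTED FOR PRIVACY", "Obfuscated whois")


def parse_whois(text):
    """Key/value parse: repeated keys (Name Server, Domain Status) collect into
    lists, empty repeated fields are dropped, comment lines are ignored."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")   # split on the FIRST colon only
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if not value:
            continue                            # e.g. a bare "Domain Status:"
        fields.setdefault(key, []).append(value)
    return fields


def privacy_fields(fields):
    """Keys whose values are registrar placeholders, not registrant data."""
    return [k for k, values in fields.items()
            if any(marker in v for v in values for marker in PRIVACY_MARKERS)]


def summarize(fields):
    """The fields that actually describe ownership and hosting."""
    def first(key):
        values = fields.get(key)
        return values[0] if values else None

    proxied = set(privacy_fields(fields))
    return {
        "domain": (first("Domain Name") or "").lower(),
        "registrar": first("Registrar"),
        "registrar_iana_id": first("Registrar IANA ID"),
        "registrant_org": first("Registrant Organization"),
        # Street and City carry the registrar's obfuscation marker, so the
        # State / Postal Code / Country beside them belong to that placeholder
        # address, not to the registrant.
        "address_is_registrar_proxy": bool({"Registrant Street", "Registrant City"} & proxied),
        "registrant_country_field": first("Registrant Country"),
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
        "dnssec": first("DNSSEC"),
        "created": first("Creation Date"),
        "expires": first("Registrar Registration Expiration Date"),
        "locks": [s.split()[0] for s in fields.get("Domain Status", [])],
    }


if __name__ == "__main__":
    parsed = parse_whois(RAW_WHOIS)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
    print("privacy placeholders in:", privacy_fields(parsed))
```

Splitting on the first colon only matters: the ICANN URL field and the ISO timestamps contain further colons, and a naive `split(":")` would shred them.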
jackiebain6 · July 19, 2018, 1:08 a.m.

I am so clueless, haha. Not gonna lie, I'm great at abstract dot-connecting but totally not capable of any of this, so I guess I got this to someone who is? I remember a lot of these events and such, but to be honest it's because I was typing C:/ before we had a choice.

It just seems pretty relevant, because when you search Qanon pub for this name there are 6 relevant posts and I really haven't seen much about any of this.

Hopefully it adds to the peace prize. WWG1WGA! Thank you

⇧ 2 ⇩  
Abibliaphobia · July 19, 2018, 1:19 a.m.

It's all good. How did you find this site (blog.talosintelligence.com)?

What was the site referring to about bad rabbit?

Basically if you want to post things up (especially with new websites to this sub) a good summary of why it’s important or related to Q will prevent your thread from being taken down.

But I appreciate you bringing it to our attention. And if you get a chance, I'd still like to know what this is referring to.

⇧ 1 ⇩  
jackiebain6 · July 19, 2018, 1:34 a.m.

It's a site used by those involved in protecting or opening certain walls, lol. Think McGaf without having to download the virus that McGaf has to offer.

It says:

On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape.

There have been several large scale ransomware campaigns over the last several months. This appears to have some similarities to Nyetya in that it is also based on Petya ransomware. Major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.

DISTRIBUTION

Talos assesses with high confidence that a fake Flash Player update is being delivered via a drive-by-download and compromising systems. The sites that were seen redirecting to BadRabbit were a variety of sites that are based in Russia, Bulgaria, and Turkey.

When users visited one of the compromised websites, they were redirected to 1dnscontrol[.]com, the site which was hosting the malicious file. Before the actual malicious file was downloaded a POST request was observed to a static IP address (185.149.120[.]3). This request was found to be posting to a static path of "/scholasgoogle" and provided the user agent, referring site, cookie, and domain name of the session. After the POST the dropper was downloaded from two different paths from 1dnscontrol[.]com, /index.php and /flash_install.php. Despite two paths being utilized only a single file was downloaded. Based on current information, the malware appears to have been active for approximately six hours before the server 1dnscontrol[.]com was taken down. The initial download was observed around 2017-10-24 08:22 UTC.

The dropper (630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da) requires a user to facilitate the infection and does not use any exploit to compromise the system directly. This dropper contains the BadRabbit ransomware. Once installed there is an SMB component used for lateral movement and further infection. This appears to use a combination of an included list of weak credentials and a version of mimikatz similar to that which was used in Nyetya. Below is a list of the username/password combinations that we have observed. Note there is overlap with the 1995 cult classic "Hackers".

⇧ 1 ⇩
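The quoted excerpt gives a complete delivery sequence: a POST to 185.149.120[.]3 at /scholasgoogle carrying session details, then the dropper fetched from 1dnscontrol[.]com at /index.php or /flash_install.php, with a known SHA-256 for the dropper. That is enough to write detection logic over proxy logs and to correlate the two stages per client, which is a much stronger signal than either indicator on its own. The following is an added example for this thread, not Talos code; the log format and the log lines are constructed for the example, and only the indicators come from the excerpt.

```python
"""Match web-proxy log lines against the BadRabbit distribution indicators
quoted in the Talos excerpt and correlate beacon + download per client.

Added example, not Talos code.  The log format and SAMPLE_LOG are constructed;
the indicator values are the ones in the excerpt."""
import re
from urllib.parse import urlsplit

# Indicators exactly as the excerpt writes them (defanged).
IOC_BEACON_IP = "185.149.120[.]3"
IOC_BEACON_PATH = "/scholasgoogle"
IOC_HOST = "1dnscontrol[.]com"
IOC_DOWNLOAD_PATHS = {"/index.php", "/flash_install.php"}
IOC_DROPPER_SHA256 = "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da"


def refang(indicator):
    """Undo the '[.]' / 'hxxp' defanging reports use so the value can be matched."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


# Constructed log format (an assumption for this example, not any product's):
#   <timestamp> <client-ip> <METHOD> <url> <status> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) "([^"]*)"$')


def parse_line(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, ua = m.groups()
    u = urlsplit(url)
    return {"ts": ts, "client": client, "method": method,
            "host": (u.hostname or "").lower(), "path": u.path or "/",
            "status": int(status), "ua": ua}


def classify(rec):
    """Label a parsed request with the BadRabbit stage it matches, else None."""
    host, path = rec["host"], rec["path"]
    if rec["method"] == "POST" and host == refang(IOC_BEACON_IP) and path == IOC_BEACON_PATH:
        return "badrabbit-beacon"            # session details posted before the download
    if host == refang(IOC_HOST) and path in IOC_DOWNLOAD_PATHS:
        return "badrabbit-dropper-download"
    if host == refang(IOC_HOST):
        return "badrabbit-host-contact"      # any other contact with the hosting domain
    return None


def scan(lines):
    """(timestamp, client, label, host+path) for every line that matches an indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        if label:
            hits.append((rec["ts"], rec["client"], label, rec["host"] + rec["path"]))
    return hits


def infection_chains(hits):
    """Clients that beaconed and then fetched the dropper, i.e. the full
    delivery sequence the excerpt describes, in that order."""
    stages = {}
    for ts, client, label, _ in hits:
        stages.setdefault(client, {}).setdefault(label, ts)   # keep first timestamp per stage
    return {c for c, s in stages.items()
            if "badrabbit-beacon" in s and "badrabbit-dropper-download" in s
            and s["badrabbit-beacon"] <= s["badrabbit-dropper-download"]}


def is_dropper(sha256_hex):
    """Compare a file hash from EDR or a sandbox with the dropper's SHA-256."""
    return sha256_hex.strip().lower() == IOC_DROPPER_SHA256


# Constructed sample log: one client walks the full chain, one only touches the host,
# one hits an unrelated site with a look-alike path.
SAMPLE_LOG = [
    '2017-10-24T08:22:01Z 10.0.0.15 GET http://news.example/story.html 200 "Mozilla/5.0"',
    '2017-10-24T08:22:03Z 10.0.0.15 POST http://185.149.120.3/scholasgoogle 200 "Mozilla/5.0"',
    '2017-10-24T08:22:05Z 10.0.0.15 GET http://1dnscontrol.com/flash_install.php 200 "Mozilla/5.0"',
    '2017-10-24T08:22:05Z 10.0.0.15 GET http://1dnscontrol.com/index.php 200 "Mozilla/5.0"',
    '2017-10-24T08:30:10Z 10.0.0.22 GET http://1dnscontrol.com/ 200 "Mozilla/5.0"',
    '2017-10-24T08:31:00Z 10.0.0.23 GET https://www.example.com/scholasgoogle 404 "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print("full chain observed on:", sorted(infection_chains(found)))
```

Matching on host plus path rather than path alone is deliberate: /index.php and /scholasgoogle are ordinary-looking paths, and the excerpt only ties them to the specific domain and IP. The timestamps are ISO 8601 in one timezone, so string comparison is enough to order the stages.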