Talos assesses with high confidence that a fake Flash Player update is being delivered via a drive-by-download and compromising systems. The malware appears to have been active for approximately six hours before the server 1dnscontrol[.]com was taken down. The dropper (630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da) requires a user to facilitate the infection and does not use any exploit to compromise the system directly.
Source: https://blog.talosintelligence.com/2017/10/bad-rabbit.html

