
Modified Version of Christchurch Manifesto.

On March 15th, 2019, two terrorist attacks took place at mosques in Christchurch, New Zealand, killing 50 people and injuring 50 others. One attacker, a 28-year-old man from Australia, authored a manifesto named “the Great Replacement”. This manifesto has been available for download on multiple websites. Most of the sites that hosted the document have since removed it from distribution because the New Zealand Government deemed it illegal. A modified version that poses a threat to computers is now being circulated.


This new version carries what is called a “Trojan Haka”. A Trojan Haka is just another variety of the malware that we all deal with. This malware overwrites the master boot record (MBR) so that when you start your system a message saying “This Is Not Us” is displayed. The MBR is the information in the first section of your hard drive that identifies where an operating system is located so it can be loaded. Fortunately, this new malware is nothing but an inconvenience. The originators of this hack are not asking for money, nor are they trying to destroy your files.

Analyst Notes

The initial recommendation, due to the questionable nature of the document, is not to view or download any version of the manifesto. If you have downloaded this weaponized version, there is an easy way to restore your computer to normal. Using another working computer, you can create a Windows recovery disk or a Windows 10 installation disc, which will allow you to run commands on the system with the corrupted MBR. There are many guides online that can walk you through this process. Once a command prompt has been opened, simply type “bootrec.exe /fixmbr” without the quotes. Running this command should return your computer to normal operation. If you are already running a Windows 10 system, the system may even detect the issue on its own and offer an automatic repair option.
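For responders who want to confirm what happened to the boot sector before or after the repair, the following added example (not part of the original analysis) parses a raw 512-byte MBR sector and reports whether the boot signature and partition table are intact. `bootrec /fixmbr` rewrites the boot code and leaves the partition table alone, so a surviving table is the thing to check. The function names, the sample sector and the assumption that the message is stored as plain ASCII are illustrative.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap code area at the start of the MBR
ENTRY_LEN = 16               # four 16-byte partition entries follow it
MARKER = b"This Is Not Us"   # message from the article; ASCII storage is an assumption


def triage_mbr(sector: bytes) -> dict:
    """Summarise one raw MBR sector (e.g. the first 512 bytes of a disk image)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for slot in range(4):
        start = BOOT_CODE_LEN + slot * ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_LEN])
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "marker_found": MARKER in sector,
        "partitions": partitions,
    }


def sample_sector(boot_code: bytes) -> bytes:
    """Constructed input: one active NTFS partition (type 0x07) at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + bytes(ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed sector whose boot code area contains the message text.
    report = triage_mbr(sample_sector(b"\xeb\xfe" + MARKER))
    print(report)
```

A report with `marker_found` true but a populated `partitions` list means only the boot code area was altered; an empty list or a failed signature suggests the partition table is damaged as well.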