This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like …
Search Results for: blackbasta
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
Intel-Ops
·
Follow
9 min read ·
Mar 5, 2024
—
On February 29th 2024, CISA released an advisory on Phobos ransomware.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Intel-Ops is actively tracking infrastructure assessed to …
Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. There …
FIN7 is an intrusion set operating since at least 2015. The group is known to be structured as a corporate business composed of Russian-speaking members. FIN7 …
Qakbot (aka QBot or Pinkslipbot) is a malware trojan that has been used to operate one of the oldest and longest running cybercriminal enterprises. Qakbot has evolved from a …
Throughout Q2 and Q3 2023, Kroll has observed an increased use of the malicious “SYSTEMBC” tool to maintain access in a compromised network. SYSTEMBC was first observed in the wild …
Resecurity has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations …
SystemBC, also known as Coroxy or DroxiDat, is a malware categorized as Proxy malware, a Bot, a backdoor, and even a RAT, as its uses can be diverse depending on …
The Halcyon Research and Engineering Team has published new research that details novel techniques used to unmask yet another Ransomware Economy player that is facilitating ransomware attacks and state-sponsored APT …
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims …
The Trickbot/Conti Crypters: Where Are They Now?
blog we published last May. One year on, ITG23 has experienced many organizational changes, splintering into factions and forging new relationships. Despite these …
Ex-Conti and FIN7 Actors Collaborate with New Backdoor
Dave Loader, which we have linked to the Trickbot/Conti syndicate and its former members. Minodo’s code shows overlap with the Lizar (aka …
Written by Jon DiMaggio.
Table of Contents
I gotta story to tell…
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang …
The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year. Its ransomware, which the group deploys through different TTPs, has impacted multiple …
By Antonio Cocomazzi and Antonio Pirozzi
Executive Summary SentinelLabs researchers describe Black Basta operational TTPs in full detail, revealing previously unknown tools and techniques. SentinelLabs assesses it is highly likely…By: Jason Reaves
There have been a few reports on how to decrypt Brute Ratels[1] configuration data along with a few decryptors created[2,3]. However, the developer added in the release …
As reported by Check Point at the end of H1 2022, 1 out of 40 organizations worldwide were impacted by ransomware attacks, which constitutes a worrying 59% increase over the past year. The ransomware business continues to …
We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of …
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it …