import "elf"

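rule BlackMatter_Linux {
	meta:
		author = "Andrey Zhdanov"
		company = "Group-IB"
		family = "ransomware.blackmatter.linux"
		description = "BlackMatter ransomware Linux payload"
		severity = 10
		score = 100
	strings:
		// x86-64 code fragment. Decoded, it is a byte loop over [rax .. r8):
		//   movzx edx,[rax] / test dl,dl / jz  -> zero bytes are left untouched
		//   movzx esi,[rdi+rcx] / cmp dl,sil / je -> bytes equal to the key byte are left untouched
		//   add rcx,1 / xor edx,esi / cmp rcx,0x20 / mov [rax],dl / cmove rcx,r9
		//   add rax,1 / cmp rax,r8 / jne
		// i.e. an in-place XOR with a key indexed by rcx that wraps at 0x20 (32 bytes).
		// Both conditional jumps land on the "add rax,1", so the key index only
		// advances on bytes that are actually transformed. The surrounding purpose
		// (config/string decoding) is not established by the bytes alone.
		$h0 = { 0F B6 10 84 D2 74 19 0F B6 34 0F 40 38 F2 74 10 48 83 C1 01 31 F2 48 83 F9 20 88 10 49 0F 44 C9 48 83 C0 01 4C 39 C0 75 D7 }
		// Stack-built string: a run of "mov dword [reg+disp8], imm32" (C7 4? disp)
		// whose immediates spell, four bytes at a time, the ASCII string
		// "DBFD055C-9CF2-4BB8-908E-6DA22321BF17". The [1-2] jump after each C7 4?
		// covers the disp8 with and without a preceding SIB byte, so both
		// [rbp+disp8] and [rsp+disp8] encodings match.
		$h1 = { 44 42 46 44 C7 4? [1-2] 30 35 35 43 C7 4? [1-2] 2D 39 43 46 C7 4? [1-2] 32 2D 34 42 C7 4? [1-2] 42 38 2D 39 C7 4? [1-2] 30 38 45 2D C7 4? [1-2] 36 44 41 32 C7 4? [1-2] 32 33 32 31 C7 4? [1-2] 42 46 31 37 }
	condition:
		// Restrict to ELF files: uint32(0) reads the little-endian magic "\x7fELF".
		uint32(0) == 0x464C457F
		and (
			// Either of the code/string artifacts above ...
			any of ($h*)
			// ... or the characteristic section layout: a section named ".app.version"
			// immediately followed by one named ".cfgETD". The explicit section-count
			// guard keeps the range upper bound non-negative for ELFs with fewer than
			// two sections (e.g. stripped samples without a section header table),
			// instead of relying on YARA treating an inverted range as empty.
			or (
				elf.number_of_sections >= 2
				and for any i in (0 .. elf.number_of_sections - 2) : (
					elf.sections[i].name == ".app.version"
					and elf.sections[i + 1].name == ".cfgETD"
				)
			)
		)
}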
Details Published Attributes CTI Title
Details Website 2021-03-11 82 The Darker Things