Title
Common Information
| Type | Value |
|---|---|
| UUID | 26149b41-84cf-45a3-9856-a9bf6c6f9cdf |
| Fingerprint | f2b0081847741dae69916e0abc210ab579f8f495c63acf0dbc983546812927d0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 2, 2021, 12:56 p.m. |
| Added to db | April 14, 2024, 2:50 a.m. |
| Last updated | Aug. 31, 2024, 6:17 a.m. |
| Headline | Title |
| Title | Title |
| Detected Hints/Tags/Attributes | 127/3/73 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 49 | cve-2018-8453 |
|
| Details | Domain | 1 | blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 2 | www.phe.gov |
|
| Details | Domain | 10 | paymenthacks.com |
|
| Details | Domain | 11 | mojobiden.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 9 | analyst1.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 154 | us-cert.cisa.gov |
|
| Details | Domain | 35 | www.cnn.com |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 20 | intel.com |
|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | www.tesorion.nl |
|
| Details | Domain | 5 | siliconangle.com |
|
| Details | Domain | 45 | www.bankinfosecurity.com |
|
| Details | Domain | 4 | blog.knowbe4.com |
|
| Details | Domain | 99 | therecord.media |
|
| Details | Domain | 43 | www.cyberscoop.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 21 | blog.group-ib.com |
|
| Details | Domain | 23 | hhs.gov |
|
| Details | Domain | 41 | www.hhs.gov |
|
| Details | 18 | hc3@hhs.gov |
||
| Details | File | 2 | protecting_sensitive_and_personal_information_from_ransomware-caused_data_breaches-508c.pdf |
|
| Details | File | 1 | hicp-main-508.pdf |
|
| Details | File | 816 | index.html |
|
| Details | File | 3 | operations.html |
|
| Details | Github username | 4 | advanced-threat-research |
|
| Details | md5 | 4 | 598c53bfef81e489375f09792e487f1a |
|
| Details | md5 | 2 | a55bc3368a10ca5a92c1c9ecae97ced9 |
|
| Details | md5 | 2 | ba375d0625001102fc1f2ccb6f582d91 |
|
| Details | md5 | 1 | b06e2455a9c7c9485b85e9bdcceb8078 |
|
| Details | md5 | 2 | 605d939941c5df2df5dbfb8ad84cfed4 |
|
| Details | md5 | 2 | 3f9a28e8c057e7ea7ccf15a4db81f362 |
|
| Details | IPv4 | 3 | 131.107.255.255 |
|
| Details | IPv4 | 2 | 206.188.197.206 |
|
| Details | IPv4 | 2 | 51.79.243.236 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 57 | T1497.003 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 197 | T1489 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | Url | 2 | https://www.cisa.gov/sites/default/files/publications/cisa_fact_sheet- |
|
| Details | Url | 1 | https://www.phe.gov/preparedness/planning/405d/documents/hicp-main-508.pdf |
|
| Details | Url | 2 | https://www.bleepingcomputer.com/news/security/blackmatter- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets- |
|
| Details | Url | 1 | https://analyst1.com/whitepaper/nation-state-and-ransomware |
|
| Details | Url | 2 | https://github.com/advanced-threat-research/darkside-config-extract |
|
| Details | Url | 1 | https://us-cert.cisa.gov/ncas/alerts/aa21-131a |
|
| Details | Url | 1 | https://www.cnn.com/2021/08/04/politics/neuberger- |
|
| Details | Url | 1 | https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware- |
|
| Details | Url | 1 | https://www.flashpoint |
|
| Details | Url | 1 | https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction |
|
| Details | Url | 1 | https://news.sophos.com/en-us/2021/08/09/blackmatter-ransomware-emerges-from-the-shadow-of- |
|
| Details | Url | 1 | https://www.securityweek.com/darkside-ransomware-shutdown-exit-scam-or-running-hills |
|
| Details | Url | 1 | https://www.recordedfuture.com/blackmatter-ransomware-protection |
|
| Details | Url | 1 | https://www.tesorion.nl/en/posts/analysis-of-the-blackmatter-ransomware |
|
| Details | Url | 1 | https://siliconangle.com/2021/08/02/initial-access-brokers-lead-ransomware-efforts-selling- |
|
| Details | Url | 1 | https://www.bankinfosecurity.com/blogs/secrets-lies-games-ransomware-attackers-play-p-3076 |
|
| Details | Url | 1 | https://www.bankinfosecurity.com/revil-ransomware-operation-returning-as-blackmatter-a-17160 |
|
| Details | Url | 1 | https://www.bankinfosecurity.com/blogs/blackmatter-ransomware-appears-to-be-spawn-darkside-p-3075 |
|
| Details | Url | 1 | https://blog.knowbe4.com/darkside-ransomware-returns-as-blackmatter-after-sudden- |
|
| Details | Url | 1 | https://therecord.media/an-interview-with-blackmatter-a- |
|
| Details | Url | 1 | https://www.cyberscoop.com/blackmatter-darkside-revil-ransomware-successor |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-trends-lockbit- |
|
| Details | Url | 1 | https://blog.group-ib.com/blackmatter |