202311061700_BlackSuit Ransomware Analyst Note_TLPCLEAR
Common Information
Type Value
UUID af505c40-484d-4067-ba3c-0a4a48944c09
Fingerprint eb3e1f68aca833461aa0577cd1108185f16fec158d1e5864783efea6f5cf205b
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 6, 2023, 3:04 p.m.
Added to db March 10, 2024, 3:49 a.m.
Last updated Aug. 31, 2024, 7:52 a.m.
Headline 202311061700_BlackSuit Ransomware Analyst Note_TLPCLEAR
Title 202311061700_BlackSuit Ransomware Analyst Note_TLPCLEAR
Detected Hints/Tags/Attributes 126/4/58
Attributes
Type #Events CTI Value
Domain 41 www.hhs.gov
Domain 251 www.bleepingcomputer.com
Domain 55 otx.alienvault.com
Domain 25 cyble.com
Domain 1 www.alvaka.net
Domain 604 www.trendmicro.com
Domain 1 www.jamaicaobserver.com
Domain 99 therecord.media
Domain 73 databreaches.net
Domain 25 www.databreaches.net
Domain 280 thehackernews.com
Domain 12 www.pcrisk.com
Domain 3 www.salvagedata.com
Domain 20 www.comparitech.com
Domain 26 thecyberexpress.com
Domain 7 www.axios.com
Domain 23 hhs.gov
Email 18 hc3@hhs.gov
File 1 blaclsuit.txt
File 10 blacksuit.txt
File 1 royal.html
File 104 www.dat
File 1 blacksuit.html
MITRE ATT&CK Techniques 420 T1204
MITRE ATT&CK Techniques 695 T1059
MITRE ATT&CK Techniques 433 T1057
MITRE ATT&CK Techniques 1006 T1082
MITRE ATT&CK Techniques 585 T1083
MITRE ATT&CK Techniques 472 T1486
MITRE ATT&CK Techniques 276 T1490
Url 1 https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-
Url 1 https://otx.alienvault.com/pulse/647f01fd5dd3c8a8ff27730f
Url 1 https://cyble.com/blog/blacksuit-ransomware-strikes-windows-and-linux-users
Url 1 https://www.alvaka.net/blacksuit-ransomware-targeting-linux-and-windows
Url 1 https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-
Url 1 https://www.jamaicaobserver.com/business/fsc-leak
Url 1 https://therecord.media/tampa-zoo-targeted-in-cyberattack
Url 1 https://www.databreaches.net/in-
Url 1 https://thehackernews.com/2023/06/new-linux-ransomware-strain-
Url 2 https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-
Url 1 https://www.pcrisk.com/removal-guides/26646-blacksuit-ransomware
Url 1 https://www.salvagedata.com/blacksuit-ransomware
Url 1 https://www.comparitech.com/blog/information-security/global-ransomware-attacks
Url 2 https://thecyberexpress.com/government-of-brazil-cyberattack-by-blacksuit
Url 1 https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking