202212121500_BlackCat Analyst Note _TLPCLEAR
Common Information
| Type | Value |
|---|---|
| UUID | bb625f0f-f49f-409b-a0e2-8516f18ca7b4 |
| Fingerprint | 52efd1c5b975e43264a9f9f1695fcc1538ad7ea87038c9ac8844830eb5fe592d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 12, 2022, 2:05 p.m. |
| Added to db | June 2, 2024, 10:59 a.m. |
| Last updated | Aug. 31, 2024, 7:16 a.m. |
| Headline | 202212121500_BlackCat Analyst Note _TLPCLEAR |
| Title | 202212121500_BlackCat Analyst Note _TLPCLEAR |
| Detected Hints/Tags/Attributes | 253/3/136 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.hhs.gov/sites/default/files/blackcat-analyst-note.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 168 | cve-2021-34473 |
|
| Details | CVE | 143 | cve-2021-31207 |
|
| Details | Domain | 41 | www.hhs.gov |
|
| Details | Domain | 1 | alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion.ly |
|
| Details | Domain | 13 | securityscorecard.com |
|
| Details | Domain | 55 | otx.alienvault.com |
|
| Details | Domain | 167 | www.ic3.gov |
|
| Details | Domain | 6 | www.advintel.io |
|
| Details | Domain | 21 | blog.group-ib.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 47 | intel471.com |
|
| Details | Domain | 20 | www.techradar.com |
|
| Details | Domain | 133 | www.infosecurity-magazine.com |
|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 14 | resecurity.com |
|
| Details | Domain | 24 | duo.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 138 | www.darkreading.com |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 12 | thecyberwire.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 59 | www.cybereason.com |
|
| Details | Domain | 145 | threatpost.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 1 | titan.intel471.com |
|
| Details | Domain | 99 | therecord.media |
|
| Details | Domain | 23 | hhs.gov |
|
| Details | 18 | hc3@hhs.gov |
||
| Details | File | 4 | 220420.pdf |
|
| Details | File | 384 | www.inf |
|
| Details | File | 1 | an-investigation-of-the-blackcat-ransomware.html |
|
| Details | File | 1 | from-blackmatter-to-blackcat-analyzing.html |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 69 | comsvcs.dll |
|
| Details | md5 | 1 | aff92438c62c32c3a6a4835d7a62a94c |
|
| Details | MITRE ATT&CK Techniques | 542 | T1190 |
|
| Details | MITRE ATT&CK Techniques | 191 | T1133 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 239 | T1106 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 333 | T1059.003 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1047 |
|
| Details | MITRE ATT&CK Techniques | 174 | T1569.002 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1505 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1548.002 |
|
| Details | MITRE ATT&CK Techniques | 24 | T1134.002 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 238 | T1497 |
|
| Details | MITRE ATT&CK Techniques | 92 | T1070.001 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 550 | T1112 |
|
| Details | MITRE ATT&CK Techniques | 173 | T1003.001 |
|
| Details | MITRE ATT&CK Techniques | 113 | T1552 |
|
| Details | MITRE ATT&CK Techniques | 172 | T1555 |
|
| Details | MITRE ATT&CK Techniques | 243 | T1018 |
|
| Details | MITRE ATT&CK Techniques | 74 | T1069.002 |
|
| Details | MITRE ATT&CK Techniques | 72 | T1087.001 |
|
| Details | MITRE ATT&CK Techniques | 99 | T1087.002 |
|
| Details | MITRE ATT&CK Techniques | 124 | T1482 |
|
| Details | MITRE ATT&CK Techniques | 168 | T1046 |
|
| Details | MITRE ATT&CK Techniques | 176 | T1135 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1016 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1007 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1021.001 |
|
| Details | MITRE ATT&CK Techniques | 139 | T1021.002 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1021.004 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1570 |
|
| Details | MITRE ATT&CK Techniques | 116 | T1560.001 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1039 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1074 |
|
| Details | MITRE ATT&CK Techniques | 111 | T1119 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 95 | T1572 |
|
| Details | MITRE ATT&CK Techniques | 163 | T1573 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1219 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1048.002 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1567.002 |
|
| Details | MITRE ATT&CK Techniques | 102 | T1020 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1030 |
|
| Details | MITRE ATT&CK Techniques | 197 | T1489 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 58 | T1498 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |
|
| Details | Threat Actor Identifier - FIN | 42 | FIN12 |
|
| Details | Url | 1 | https://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion.ly |
|
| Details | Url | 1 | https://securityscorecard.com/research/deep-dive-into-alphv-blackcat-ransomware |
|
| Details | Url | 1 | https://otx.alienvault.com/pulse/62960d2bab11f2124cb4962e |
|
| Details | Url | 4 | https://www.ic3.gov/media/news/2022/220420.pdf |
|
| Details | Url | 1 | https://www.advintel.io/post/blackcat-in-a-shifting-threat-landscape-it-helps-to-land-on-your-feet- |
|
| Details | Url | 1 | https://www.advintel.io/post/blackcat-in-a-shifting-threat-landscape-it-helps-to-land-on-your-feet-tech-dive |
|
| Details | Url | 1 | https://blog.group-ib.com/blackcat |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/blackcat-ransomware-s-data-exfiltration-tool-gets-an- |
|
| Details | Url | 1 | https://intel471.com/resources/whitepapers/leading-ransomware-variants-q3-2022 |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware- |
|
| Details | Url | 1 | https://www.kroll.com/en/insights/publications/cyber/analyzing-exmatter-ransomware-data-exfiltration- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/emotet-botnet-now-pushes-quantum-and-blackcat- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas- |
|
| Details | Url | 1 | https://www.techradar.com/news/blackcat-ransomware-could-be-about-to-get-a-whole-lot-nastier |
|
| Details | Url | 1 | https://www.infosecurity-magazine.com/news/blackcat-ransomware-group-pen-test |
|
| Details | Url | 1 | https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of- |
|
| Details | Url | 1 | https://resecurity.com/blog/article/blackcat-aka-alphv-ransomware-is-increasing-stakes-up-to-25m-in- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to- |
|
| Details | Url | 1 | https://duo.com/decipher/prolific-affiliate-threat-groups-linked-to-blackcat-ransomware |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy- |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware |
|
| Details | Url | 1 | https://duo.com/decipher/novel-blackcat-ransomware-tactic-speeds-up-encryption-process |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/fbi-blackcat-ransomware-breached-at-least-60- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html |
|
| Details | Url | 1 | https://www.darkreading.com/attacks-breaches/blackcat-purveyor-shows-ransomware-operators-have- |
|
| Details | Url | 1 | https://www.securityweek.com/blackcat-ransomware-targets-industrial-companies |
|
| Details | Url | 1 | https://securelist.com/a-bad-luck-blackcat/106254 |
|
| Details | Url | 1 | https://thecyberwire.com/podcasts/research-briefing/109/notes |
|
| Details | Url | 1 | http://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html |
|
| Details | Url | 1 | https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware |
|
| Details | Url | 1 | https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261 |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter- |
|
| Details | Url | 1 | https://therecord.media/an-alphv-blackcat-representative-discusses-the-groups-plans-for-a-ransomware- |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/blackcat-ransomware |
|
| Details | Url | 2 | https://krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain |
|
| Details | Url | 1 | https://titan.intel471.com/report/inforep/aff92438c62c32c3a6a4835d7a62a94c |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated- |
|
| Details | Url | 1 | https://therecord.media/alphv-blackcat-is-the-first-professional-ransomware-gang-to-use-rust |
|
| Details | Url | 1 | https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data |