From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol
country: Brazil, Romania, Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure - T1583, Active Scanning - T1595, Adversary-In-The-Middle - T1557, Application Layer Protocol - T1437, Client Configurations - T1592.004, Cloud Accounts - T1078.004, Cloud Accounts - T1585.003, Cloud Accounts - T1586.003, Credentials - T1589.001, Data Destruction - T1662, Data Destruction - T1485, Data Encrypted For Impact - T1471, Data Encrypted For Impact - T1486, Data From Cloud Storage - T1530, Data Manipulation - T1565, Domain Groups - T1069.002, Domains - T1583.001, Domains - T1584.001, Exfiltration Over C2 Channel - T1646, Exfiltration Over Web Service - T1567, Exfiltration To Cloud Storage - T1567.002, Exploitation Of Remote Services - T1428, Exploitation For Privilege Escalation - T1404, File And Directory Discovery - T1420, File Deletion - T1070.004, File Deletion - T1630.002, Gather Victim Host Information - T1592, Gather Victim Network Information - T1590, Ip Addresses - T1590.005, Lateral Tool Transfer - T1570, Llmnr/Nbt-Ns Poisoning And Smb Relay - T1557.001, Malware - T1587.001, Malware - T1588.001, Network Service Scanning - T1423, Pass The Hash - T1550.002, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Rdp Hijacking - T1563.002, Remote Access Software - T1663, Remote Desktop Protocol - T1021.001, Remote Service Session Hijacking - T1563, Rename System Utilities - T1036.003, Scanning Ip Blocks - T1595.001, Security Account Manager - T1003.002, Server - T1583.004, Server - T1584.004, Server Software Component - T1505, Service Execution - T1569.002, Service Stop - T1489, Smb/Windows Admin Shares - T1021.002, Software - T1592.002, Ssh - T1021.004, Stored Data Manipulation - T1565.001, Stored Data Manipulation - T1492, System Services - T1569, Windows Remote Management - T1021.006, Web Protocols - T1071.001, Web Protocols - T1437.001, Web Shell - T1505.003, Use Alternate Authentication Material - T1550, Web Services - T1583.006, Web Services - T1584.006, Tool - T1588.002, Vulnerabilities - T1588.006, Vulnerability Scanning - T1595.002, Account Manipulation - T1098, Standard Application Layer Protocol - T1071, Automated Collection - T1119, Browser Extensions - T1176, Brute Force - T1110, Connection Proxy - T1090, Data Staged - T1074, Email Collection - T1114, Exfiltration Over Command And Control Channel - T1041, Exploit Public-Facing Application - T1190, Exploitation For Privilege Escalation - T1068, Exploitation Of Remote Services - T1210, File And Directory Discovery - T1083, File Deletion - T1107, Indicator Removal On Host - T1070, Masquerading - T1036, Network Service Scanning - T1046, Network Share Discovery - T1135, Pass The Hash - T1075, Permission Groups Discovery - T1069, Powershell - T1086, Remote Access Tools - T1219, Remote Desktop Protocol - T1076, Remote Services - T1021, Remote System Discovery - T1018, Scheduled Transfer - T1029, Service Execution - T1035, Windows Remote Management - T1028, Windows Management Instrumentation - T1047, Valid Accounts - T1078, Taint Shared Content - T1080, Web Shell - T1100, Alarm Suppression, Automated Collection, Block Command Message, Block Reporting Message, Brute Force I/O, Data Destruction, Exploitation Of Remote Services, Modify Alarm Settings, Modify Control Logic, Modify Parameter, Network Service Scanning, Remote System Discovery, Service Stop, Valid Accounts
Common Information
UUID: 1673acb4-e340-4dff-8b92-de6fc20005a8
Fingerprint: b76f2e1899698470
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Nov. 16, 2024, 6:46 p.m.
Added to db: Nov. 16, 2024, 8:06 p.m.
Last updated: Nov. 17, 2024, 6:56 p.m.
Headline: From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime
Title: From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting
Detected Hints/Tags/Attributes: 213/4/90
RSS Feed
Id: 6
Enabled:
Feed title: National Cyber Security Consulting
Url: http://nationalcybersecurity.com/feed/
Added to db: 2024-08-30 22:08
Attributes
Type | #Events | Value
Domain | 1 | mystuff.bublup.com
Domain | 1 | bublup-media-production.s3.amazonaws.com
Domain | 124 | www.sentinelone.com
Domain | 280 | thehackernews.com
Domain | 32 | www.techtarget.com
Domain | 99 | therecord.media
Domain | 26 | thecyberexpress.com
Domain | 469 | www.cisa.gov
File | 1 | zzza.exe
File | 1 | socks5.ps1
File | 10 | blacksuit.txt
File | 1 | fbi-and-cisa-warn-of-blacksuit.html
IPv4 | 1 | 173.251.109.106
IPv4 | 1 | 216.151.180.147
IPv4 | 3 | 137.220.61.94
MITRE ATT&CK Techniques | 112 | T1098
MITRE ATT&CK Techniques | 1 | T0878
MITRE ATT&CK Techniques | 444 | T1071
MITRE ATT&CK Techniques | 111 | T1119
MITRE ATT&CK Techniques | 3 | T0803
MITRE ATT&CK Techniques | 7 | T0804
MITRE ATT&CK Techniques | 30 | T1176
MITRE ATT&CK Techniques | 5 | T0806
MITRE ATT&CK Techniques | 125 | T1110
MITRE ATT&CK Techniques | 5 | T1592.004
MITRE ATT&CK Techniques | 50 | T1592
MITRE ATT&CK Techniques | 34 | T1078.004
MITRE ATT&CK Techniques | 306 | T1078
MITRE ATT&CK Techniques | 93 | T1485
MITRE ATT&CK Techniques | 7 | T0809
MITRE ATT&CK Techniques | 472 | T1486
MITRE ATT&CK Techniques | 19 | T1530
MITRE ATT&CK Techniques | 67 | T1074
MITRE ATT&CK Techniques | 74 | T1069.002
MITRE ATT&CK Techniques | 65 | T1069
MITRE ATT&CK Techniques | 89 | T1114
MITRE ATT&CK Techniques | 422 | T1041
MITRE ATT&CK Techniques | 100 | T1567.002
MITRE ATT&CK Techniques | 126 | T1567
MITRE ATT&CK Techniques | 542 | T1190
MITRE ATT&CK Techniques | 1 | T0890
MITRE ATT&CK Techniques | 109 | T1210
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 297 | T1070.004
MITRE ATT&CK Techniques | 247 | T1070
MITRE ATT&CK Techniques | 14 | T1590.005
MITRE ATT&CK Techniques | 33 | T1590
MITRE ATT&CK Techniques | 118 | T1570
MITRE ATT&CK Techniques | 9 | T1557.001
MITRE ATT&CK Techniques | 21 | T1557
MITRE ATT&CK Techniques | 1 | T0838
MITRE ATT&CK Techniques | 1 | T0833
MITRE ATT&CK Techniques | 3 | T0836
MITRE ATT&CK Techniques | 168 | T1046
MITRE ATT&CK Techniques | 176 | T1135
MITRE ATT&CK Techniques | 38 | T1550.002
MITRE ATT&CK Techniques | 33 | T1550
MITRE ATT&CK Techniques | 8 | T1563.002
MITRE ATT&CK Techniques | 11 | T1563
MITRE ATT&CK Techniques | 141 | T1219
MITRE ATT&CK Techniques | 160 | T1021.001
MITRE ATT&CK Techniques | 159 | T1021
MITRE ATT&CK Techniques | 243 | T1018
MITRE ATT&CK Techniques | 32 | T1036.003
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 14 | T1595.001
MITRE ATT&CK Techniques | 36 | T1595
MITRE ATT&CK Techniques | 22 | T1029
MITRE ATT&CK Techniques | 174 | T1569.002
MITRE ATT&CK Techniques | 78 | T1569
MITRE ATT&CK Techniques | 197 | T1489
MITRE ATT&CK Techniques | 139 | T1021.002
MITRE ATT&CK Techniques | 13 | T1565.001
MITRE ATT&CK Techniques | 33 | T1565
MITRE ATT&CK Techniques | 33 | T1080
MITRE ATT&CK Techniques | 56 | T1595.002
MITRE ATT&CK Techniques | 442 | T1071.001
MITRE ATT&CK Techniques | 21 | T1583.006
MITRE ATT&CK Techniques | 66 | T1583
MITRE ATT&CK Techniques | 104 | T1505.003
MITRE ATT&CK Techniques | 67 | T1505
MITRE ATT&CK Techniques | 310 | T1047
MITRE ATT&CK Techniques | 30 | T1021.006
Url | 1 | https://www.sentinelone.com/anthology/blacksuit
Url | 1 | https://thehackernews.com/2024/08/fbi-and-cisa-warn-of-blacksuit.html
Url | 1 | https://www.techtarget.com/whatis/feature/the-cdk-global-outage-explaining-how-it-happened
Url | 1 | https://therecord.media/japanese-media-kadokawa-investigating-cyber
Url | 1 | https://therecord.media/plasma-donation-company-cyberattack-blacksuit
Url | 2 | https://thecyberexpress.com/government-of-brazil-cyberattack-by-blacksuit
Url | 4 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a