BlackCat Ransomware (ALPHV)
Common Information
Type Value
UUID 433ba6c8-ae5c-4d61-adfe-1557376fa28b
Fingerprint 363cc99bb237a647
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 26, 2022, 2 p.m.
Added to db June 1, 2023, 10:54 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline BlackCat Ransomware (ALPHV)
Title BlackCat Ransomware (ALPHV)
Detected Hints/Tags/Attributes 127/4/45
Attributes
Details Type #Events CTI Value
Details CVE 17
cve-2016-0099
Details File 16
-files.txt
Details File 8
cmstplua.dll
Details File 172
dllhost.exe
Details File 122
psexec.exe
Details File 345
vssadmin.exe
Details File 23
'wevtutil.exe
Details File 95
wevtutil.exe
Details Windows Registry Key 17
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters