#StopRansomware: Black Basta | CISA
Common Information
Type Value
UUID 5db7fc8c-6d6b-4f1d-b0ea-f53f7a3ce21c
Fingerprint 2cf00cd89f379f7b
Analysis status DONE
Considered CTI value 2
Text language
Published May 10, 2024, noon
Added to db Sept. 19, 2024, 10:07 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline #StopRansomware: Black Basta
Title #StopRansomware: Black Basta | CISA
Detected Hints/Tags/Attributes 142/4/256
Attributes
Type #Events CTI Value
CVE 29 cve-2024-1709
CVE 217 cve-2020-1472
CVE 32 cve-2021-42278
CVE 23 cve-2021-42287
CVE 91 cve-2021-34527
Email 37 report@cisa.gov
File 40 netscan.exe
File 367 readme.txt
File 345 vssadmin.exe
File 37 rclone.exe
File 16 winscp.exe
File 1 c:\users\public\audio\jun.exe
File 1 c:\users\public\audio\esx.zip
File 1 c:\users\public\audio\7zg.exe
File 1 c:\users\public\audio\7z.dll
File 1 c:\users\public\db_usr.sql
File 1 c:\users\public\audio\db_usr.sql
File 1 c:\users\public\audio\hv2.ps1
File 1 c:\users\public\7zg.exe
File 1 c:\users\public\7z.dll
File 1 c:\users\public\bitlogic.dll
File 1 c:\users\public\netapp.exe
File 1 c:\users\public\datasoft.exe
File 1 c:\users\public\bitdata.exe
File 1 c:\users\public\digitaltext.dll
File 1 c:\users\public\geniusmesh.exe
File 10 procexp.sys
File 1 dumpnparse86.exe
File 1 postdump.exe
File 1 dumpnparse.exe
File 1 c:\users\public\socksps.ps1
File 1 c:\users\public\thief.exe
File 1 gwt.ps1
File 1 c:\program files\monitorit\gwt.ps1
File 1 winx86.exe
File 2125 cmd.exe
File 1 c:\users\public\eucr.exe
File 1 c:\windows\ds_c1.dll
File 7 instructions_read_me.txt
MITRE ATT&CK Techniques 409 T1566
MITRE ATT&CK Techniques 542 T1190
MITRE ATT&CK Techniques 306 T1078
MITRE ATT&CK Techniques 348 T1036
MITRE ATT&CK Techniques 208 T1068
MITRE ATT&CK Techniques 460 T1059.001
MITRE ATT&CK Techniques 298 T1562.001
MITRE ATT&CK Techniques 472 T1486
MITRE ATT&CK Techniques 276 T1490
Threat Actor Identifier - FIN 377 FIN7