Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Common Information
Type Value
UUID 69bb301f-86bf-4c44-a826-bda8ff045ccc
Fingerprint 2ee989f80e5f1e4f
Analysis status DONE
Considered CTI value 2
Text language
Published June 30, 2022, midnight
Added to db Oct. 15, 2024, 3:35 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Title Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Detected Hints/Tags/Attributes 61/2/48
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_hk/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_nl/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_ie/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_th/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_ca/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_ph/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_id/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_ae/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_se/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_be/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_gb/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_no/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_dk/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Details Source https://www.trendmicro.com/en_fi/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Attributes
Details Type #Events CTI Value
Details CVE 91 cve-2021-34527
Details CVE 172 cve-2022-30190
Details Domain 2 elblogdeloscachanillas.com.mx
Details Domain 2 lalualex.com
Details Domain 2 lizety.com
Details File 459 regsvr32.exe
Details File 1260 explorer.exe
Details File 131 spoolsv.exe
Details File 4 spider.dll