| SYMBOL | COMMON_NAME | aka. SYNONYMS |
ALPHA SPIDER is a threat actor known for developing and operating the Alphv ransomware as a service. They have been observed using novel offensive techniques, such as exploiting software vulnerabilities and leveraging legitimate administration tools for malicious activities. ALPHA SPIDER affiliates have demonstrated persistence in exfiltrating data and have shown the ability to bypass security measures like DNS-based filtering and multifactor authentication. Despite lacking specific operational security measures, defenders have opportunities to detect and respond to ALPHA SPIDER's operations effectively.
| 2025-05-06
⋅
Mandiant
⋅
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines BlackCat DragonForce RansomHub |
| 2025-05-06
⋅
Mandiant
⋅
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines BlackCat DragonForce RansomHub |
| 2024-10-30
⋅
EclecticIQ
⋅
Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus BlackCat Brute Ratel C4 Latrodectus |
| 2024-09-30
⋅
The DFIR Report
⋅
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware BlackCat Nitrogen Loader Sliver |
| 2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
| 2024-04-24
⋅
SentinelOne
⋅
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit BlackCat RansomHub RansomHub |
| 2024-02-29
⋅
CrowdStrike
⋅
The Anatomy of an ALPHA SPIDER Ransomware Attack BlackCat Alpha Spider |
| 2024-02-22
⋅
Sekoia
⋅
Scattered Spider laying new eggs BlackCat |
| 2023-12-13
⋅
cocomelonc
⋅
Malware in the wild book AsyncRAT Babuk BlackCat BlackLotus Carbanak HelloKitty Paradise Stealc WinDealer |
| 2023-12-03
⋅
Twitter (@vxunderground)
⋅
Tweet about ALPHV group compromising Tipalti to pressure its clients. BlackCat BlackCat |
| 2023-11-16
⋅
The Register
⋅
BlackCat plays with malvertising traps to lure corporate victims BlackCat |
| 2023-11-16
⋅
CISA
⋅
Scattered Spider Ave Maria BlackCat Raccoon Vidar |
| 2023-10-30
⋅
eSentire
⋅
Nitrogen Campaign 2.0: Reloads with Enhanced Capabilities Leading to ALPHV/BlackCat Ransomware BlackCat Nitrogen Loader |
| 2023-10-25
⋅
Microsoft
⋅
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction BlackCat BlackCat Lumma Stealer |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-08-17
⋅
Trellix
⋅
Scattered Spider: The Modus Operandi BlackCat POORTRY |
| 2023-07-18
⋅
Symantec
⋅
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware BlackCat Unidentified 103 (FIN8) |
| 2023-07-13
⋅
MSSP Lab
⋅
Malware analysis report: BlackCat ransomware BlackCat BlackCat |
| 2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
| 2023-06-01
⋅
Infinitum IT
⋅
BlackCat Ransomware Analysis Report (Paywall) BlackCat |
| 2023-05-30
⋅
IBM Security
⋅
BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration BlackCat BlackCat |
| 2023-05-22
⋅
Trend Micro
⋅
BlackCat Ransomware Deploys New Signed Kernel Driver BlackCat |
| 2023-04-19
⋅
Bleeping Computer
⋅
March 2023 broke ransomware attack records with 459 incidents Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-03
⋅
Mandiant
⋅
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access LaZagne BlackCat MimiKatz |
| 2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
| 2023-03-21
⋅
Github (rivitna)
⋅
BlackCat v3 Decryptor Scripts BlackCat BlackCat |
| 2022-11-09
⋅
Netskope
⋅
BlackCat Ransomware: Tactics and Techniques From a Targeted Attack BlackCat ExMatter |
| 2022-10-25
⋅
Microsoft
⋅
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector BlackCat Mount Locker PortStarter Zeppelin Vanilla Tempest |
| 2022-10-10
⋅
RiskIQ
⋅
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns BlackCat Mount Locker SystemBC Zeppelin |
| 2022-09-22
⋅
Broadcom
⋅
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics BlackCat BlackMatter DarkSide |
| 2022-09-22
⋅
ComputerWeekly
⋅
ALPHV/BlackCat ransomware family becoming more dangerous BlackCat BlackCat FIN7 |
| 2022-09-08
⋅
Sentinel LABS
⋅
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection AgendaCrypt Black Basta BlackCat PLAY |
| 2022-09-06
⋅
SecurityScorecard
⋅
TTPs Associated With a New Version of the BlackCat Ransomware BlackCat |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-08-11
⋅
SecurityScorecard
⋅
The Increase in Ransomware Attacks on Local Governments BlackCat BlackCat Cobalt Strike LockBit |
| 2022-07-18
⋅
SecurityScorecard
⋅
A Deep Dive Into ALPHV/BlackCat Ransomware BlackCat |
| 2022-07-14
⋅
Sophos
⋅
BlackCat ransomware attacks not merely a byproduct of bad luck BlackCat BlackCat |
| 2022-06-29
⋅
Group-IB
⋅
Fat Cats - An analysis of the BlackCat ransomware affiliate program BlackCat BlackCat |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form) BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker |
| 2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat Velvet Tempest |
| 2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat |
| 2022-06-07
⋅
AdvIntel
⋅
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive BlackCat BlackCat Cobalt Strike |
| 2022-06-01
⋅
Jorge Testa
⋅
Killing The Bear - Alphv BlackCat BlackCat |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 BlackCat Conti LockBit |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF) BlackCat Conti LockBit |
| 2022-05-20
⋅
AdvIntel
⋅
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive |
| 2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-04-29
⋅
The Record
⋅
German wind farm operator confirms cybersecurity incident Black Basta BlackCat |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-19
⋅
FBI
⋅
FBI Flash CU-000167-MW: BlackCat/ALPHV Ransomware Indicators of Compromise BlackCat |
| 2022-04-18
⋅
AdvIntel
⋅
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt |
| 2022-04-18
⋅
Trend Micro
⋅
An Investigation of the BlackCat Ransomware via Trend Micro Vision One BlackCat |
| 2022-04-08
⋅
The Hacker News
⋅
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity BlackCat BlackMatter BlackCat BlackMatter |
| 2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat BlackCat |
| 2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat |
| 2022-03-23
⋅
CrowdStrike
⋅
Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack BlackCat |
| 2022-03-17
⋅
Cisco
⋅
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate BlackCat BlackMatter BlackCat BlackMatter |
| 2022-03-16
⋅
Symantec
⋅
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
| 2022-03-01
⋅
Cybereason
⋅
Cybereason vs. BlackCat Ransomware BlackCat |
| 2022-02-08
⋅
Trellix
⋅
BlackCat Ransomware as a Service - The Cat is certainly out of the bag! BlackCat BlackCat |
| 2022-02-02
⋅
ZDNet
⋅
BlackCat ransomware implicated in attack on German oil companies BlackCat BlackCat |
| 2022-01-28
⋅
KrebsOnSecurity
⋅
Who Wrote the ALPHV/BlackCat Ransomware Strain? BlackCat BlackCat |
| 2022-01-27
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: BlackCat Ransomware BlackCat |
| 2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat LockBit |
| 2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat BlackCat |
| 2022-01-26
⋅
Varonis
⋅
ALPHV (BlackCat) Ransomware BlackCat |
| 2022-01-18
⋅
SentinelOne
⋅
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims BlackCat |
| 2021-12-16
⋅
Symantec
⋅
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware BlackCat |
| 2021-12-10
⋅
Dissecting Malware
⋅
BlackCatConf - Static Configuration Extractor for BlackCat Ransomware BlackCat |
| 2021-12-10
⋅
Medium s2wlab
⋅
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration BlackCat BlackMatter |
| 2021-12-01
⋅
⋅
ID Ransomware
⋅
BlackCat Ransomware BlackCat |