
Vanilla Tempest

aka: DEV-0832, Vice Society

Vice Society is a ransomware group that has been active since at least June 2021. They primarily target the education and healthcare sectors, but have also been observed targeting the manufacturing industry. The group has used multiple ransomware families and has been known to utilize PowerShell scripts for their attacks. There are similarities between Vice Society and the Rhysida ransomware group, suggesting a potential connection or rebranding.


Associated Families
win.systembc elf.blackcat win.supper win.zeppelin win.mount_locker win.portstarter elf.inc elf.rhysida win.blackcat win.rhysida

References
2025-05-06 | Mandiant | Mandiant
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
BlackCat DragonForce RansomHub
2025-04-24 | Mandiant | Mandiant
M-Trends 2025 Report
Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC Pink Sandstorm
2025-04-16 | Sekoia | Sekoia TDR
Interlock ransomware evolving under the radar
Interlock Berserk Stealer Interlock Lumma Stealer Supper
2025-04-15 | Beazley Security Labs | Beazley Security Labs
Hunting Mice In Tunnels II - Fake CAPTCHAs and Ransomware
Interlock Supper
2025-03-31 | VirusTotal
48157c03bf9731926f9567fe1fabc807bff166241f8d6c27e6308dde68112669
Supper
2025-01-30 | Recorded Future | Insikt Group
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base
Rhysida KongTuke MintsLoader Broomstick Remcos Rhysida WarmCookie
2025-01-27 | The DFIR Report | MittenSec, MyDFIR, r3nzsec
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
GhostSocks LockBit SystemBC
2024-12-04 | Rapid7 | Tyler McGraw
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Black Basta Cobalt Strike DarkGate SystemBC Zloader
2024-11-29 | Fortinet | Fred Gutierrez, Shunichi Imano
Ransomware Roundup - Interlock
Interlock Interlock Supper
2024-11-07 | Cisco Talos | Aliza Johnson, Chetan Raghuprasad, Elio Biasiotto, Michael Szeliga
Unwrapping the emerging Interlock ransomware attack
Interlock Rhysida
2024-10-30 | EclecticIQ | EclecticIQ Threat Research Team
Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
BlackCat Brute Ratel C4 Latrodectus
2024-10-10 | Palo Alto Networks: Unit42 | Benjamin Chang, Micah Yates, Pranay Kumar Chhaparwal
Lynx Ransomware: A Rebranding of INC Ransomware
INC Lynx
2024-10-09 | Recorded Future | Insikt Group
Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware
Broomstick Rhysida
2024-09-30 | The DFIR Report | The DFIR Report
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
BlackCat Nitrogen Loader Sliver
2024-09-20 | CISO Series | Steve Prentice
Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked
INC Storm-0494
2024-09-18 | Twitter (@MsftSecIntel) | Microsoft
Tweet about threat actor Vanilla Tempest
INC GootLoader Storm-0494
2024-08-26 | The DFIR Report | The DFIR Report
BlackSuit Ransomware
BlackSuit Cobalt Strike SystemBC
2024-08-12 | Rapid7 | Tyler McGraw
Ongoing Social Engineering Campaign Refreshes Payloads
Black Basta Cobalt Strike GhostSocks Lumma Stealer SystemBC
2024-07-29 | Mandiant | Ashley Pearson, Jake Nicastro, Joseph Pisano, Josh Murchie, Joshua Shilko, Raymond Leong
UNC4393 Goes Gently into the SILENTNIGHT
Black Basta QakBot sRDI SystemBC Zloader UNC3973 UNC4393
2024-07-24 | ThreatDown | ThreatDown
Rhysida using Oyster Backdoor to deliver ransomware
Broomstick Rhysida
2024-07-02 | Sekoia | Quentin Bourgue
Exposing FakeBat loader: distribution methods and adversary infrastructure
BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar
2024-06-05 | S-RM | David Broom, Gavin Hull
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting
BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk
2024-05-30 | Europol | Europol
Largest ever operation against botnets hits dropper malware ecosystem
BumbleBee IcedID SmokeLoader SystemBC TrickBot
2024-05-15 | Microsoft | Microsoft Threat Intelligence
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Black Basta Cobalt Strike QakBot SystemBC
2024-04-29 | The DFIR Report | The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
IcedID Mount Locker
2024-04-24 | SentinelOne | Jim Walter
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit
BlackCat RansomHub RansomHub
2024-02-29 | CrowdStrike | Jean-Philippe Teissier
The Anatomy of an ALPHA SPIDER Ransomware Attack
BlackCat Alpha Spider
2024-02-22 | Sekoia | Livia Tibirna, Pierre-Antoine D., Quentin Bourgue, Threat & Detection Research Team
Scattered Spider laying new eggs
BlackCat
2024-02-12 | HelpNetSecurity | Zeljka Zorz
Decryptor for Rhysida ransomware is available!
Rhysida
2024-01-19 | Kroll | David Truman
Inside the SYSTEMBC Command-and-Control Server
SystemBC
2024-01-07 | nikhilh-20 | Nikhil Hegde
INC Linux Ransomware - Sandboxing with ELFEN and Analysis
INC
2023-12-13 | ShadowStackRE | ShadowStackRE
Rhysida Ransomware
Rhysida Rhysida
2023-12-13 | cocomelonc | cocomelonc
Malware in the wild book
AsyncRAT Babuk BlackCat BlackLotus Carbanak HelloKitty Paradise Stealc WinDealer
2023-12-12 | Fourcore | Swapnil
Rhysida Ransomware: History, TTPs And Adversary Emulation Plans
Rhysida Rhysida Vanilla Tempest
2023-12-10 | Detect FYI | Simone Kraus
Rhysida Ransomware and the Detection Opportunities
PolyVice Rhysida Vanilla Tempest
2023-12-03 | Twitter (@vxunderground) | VX-Underground
Tweet about ALPHV group compromising Tipalti to pressure its clients.
BlackCat BlackCat
2023-11-16 | The Register | Connor Jones
BlackCat plays with malvertising traps to lure corporate victims
BlackCat
2023-11-16 | CISA | CISA
Scattered Spider
BlackCat Ave Maria Raccoon Vidar
2023-11-16 | CISA | CISA
Scattered Spider
Ave Maria BlackCat Raccoon Vidar
2023-11-15 | Fortinet | Amey Gat, Andrew Nicchi, John Simmons, Mark Robson
Investigating the New Rhysida Ransomware
Rhysida
2023-11-13 | Twitter (@malwrhunterteam) | MalwareHunterTeam
Tweet on Linux version of Rhysida
Rhysida
2023-11-12 | Github (vc0RExor) | Aaron Jornet
The Swiss Knife: SystemBC | Coroxy
SystemBC
2023-10-30 | eSentire | eSentire
Nitrogen Campaign 2.0: Reloads with Enhanced Capabilities Leading to ALPHV/BlackCat Ransomware
BlackCat Nitrogen Loader
2023-10-26 | Avast Decoded | Threat Research Team
Rhysida Ransomware Technical Analysis
Rhysida
2023-10-12 | YouTube (FIRST) | Aditya K. Sood
"Compromising the Keys to the Kingdom" - Exfiltrating Data to Own and Operate the Exploited Systems
Loki RAT SystemBC
2023-09-12 | FIRSTCON | Aditya K. Sood
Compromising the Keys to the Kingdom: Exfiltrating Data to Own and Operate the Exploited Systems (Slides)
Loki RAT SystemBC
2023-09-12 | ANSSI | ANSSI
FIN12: A Cybercriminal Group with Multiple Ransomware
BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC
2023-08-23 | Logpoint | Anish Bogati, Nischal khadgi
Defending Against 8base: Uncovering Their Arsenal and Crafting Responses
8Base Phobos SmokeLoader SystemBC
2023-08-17 | Trellix | Phelix Oluoch
Scattered Spider: The Modus Operandi
BlackCat POORTRY
2023-08-10 | Kaspersky | Kurt Baumgartner
Focus on DroxiDat/SystemBC
SystemBC
2023-08-09 | BleepingComputer | Bill Toulas
Rhysida ransomware behind recent attacks on healthcare
Rhysida
2023-08-09 | Trend Micro | Trend Micro Research
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector
Rhysida
2023-08-08 | Cisco Talos | Cisco Talos
What Cisco Talos knows about the Rhysida ransomware
Rhysida
2023-08-08 | Twitter (@malwrhunterteam) | MalwareHunterTeam
Tweet about INC ransomware
INC
2023-08-08 | Checkpoint | Checkpoint Research
THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY
Rhysida Vanilla Tempest
2023-08-01 | LinkedIn (PRODAFT) | PRODAFT
An organic relationship between the #Rhysida and #ViceSociety ransomware teams
Rhysida
2023-07-18 | Symantec | Threat Hunter Team
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware
BlackCat Unidentified 103 (FIN8)
2023-07-13 | MSSP Lab | cocomelonc
Malware analysis report: BlackCat ransomware
BlackCat BlackCat
2023-06-29 | SentinelOne | Alex Delamotte, Jim Walter
Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army
Rhysida
2023-06-28 | vmware | Bria Beathley, Dana Behling, Deborah Snyder, Fae Carlisle
8Base Ransomware: A Heavy Hitting Player
8Base Phobos SmokeLoader SystemBC
2023-06-27 | SecurityIntelligence | Charlotte Hammond, Ole Villadsen
The Trickbot/Conti Crypters: Where Are They Now?
Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot
2023-06-22 | Reliaquest | Caroline Fenstermacher
Goot to Loot - How a Gootloader Infection Led to Credential Access
GootLoader SystemBC
2023-06-10 | The DFIR Report | The DFIR Report
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
BlackCat Cobalt Strike IcedID
2023-06-01 | Infinitum IT | Kerime Gencay
BlackCat Ransomware Analysis Report (Paywall)
BlackCat
2023-05-30 | IBM Security | IBM Security X-Force Team
BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration
BlackCat BlackCat
2023-05-23 | Secplicity | Ryan Estes
Scratching the Surface of Rhysida Ransomware
Rhysida
2023-05-22 | Trend Micro | Bahaa Yamany, Mahmoud Zohdy, Mohamed Fahmy, Sherif Magdy
BlackCat Ransomware Deploys New Signed Kernel Driver
BlackCat
2023-05-15 | CrowdStrike | CrowdStrike
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
BlackCat SystemBC
2023-04-19 | Symantec | Threat Hunter Team
Play Ransomware Group Using New Custom Data-Gathering Tools
PLAY SystemBC
2023-04-19 | Bleeping Computer | Bill Toulas
March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom
2023-04-18 | Mandiant | Mandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-03 | Mandiant | Eduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz
2023-04-03 | The DFIR Report | The DFIR Report
Malicious ISO File Leads to Domain Wide Ransomware
Cobalt Strike IcedID Mount Locker
2023-03-30 | United States District Court (Eastern District of New York) | Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-30 | eSentire | eSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: BatLoader
BATLOADER Cobalt Strike ISFB SystemBC Vidar
2023-03-21 | Github (rivitna) | Andrey Zhdanov
BlackCat v3 Decryptor Scripts
BlackCat BlackCat
2023-02-14 | Intrinsec | CTI Intrinsec, Intrinsec
Vice-Society spreads its own ransomware
HelloKitty PolyVice Zeppelin
2023-02-14 | Cybereason | Cybereason Incident Response (IR) team
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
GootLoader Cobalt Strike SystemBC
2023-02-09 | cyber.wtf blog | Hendrik Eckardt
Defeating VMProtect’s Latest Tricks
SystemBC
2023-01-23 | Kroll | Elio Biasiotto, Stephen Green
Black Basta – Technical Analysis
Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2023-01-16 | Intrinsec | Intrinsec
ProxyNotShell – OWASSRF – Merry Xchange
Cobalt Strike SystemBC
2022-11-28 | The DFIR Report | The DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker
2022-11-10 | Intezer | Nicole Fishbein
How LNK Files Are Abused by Threat Actors
BumbleBee Emotet Mount Locker QakBot
2022-11-09 | Netskope | Gustavo Palazolo
BlackCat Ransomware: Tactics and Techniques From a Targeted Attack
BlackCat ExMatter
2022-10-28 | velociraptor | Matt Green
Windows.Carving.SystemBC - SystemBC RAT configuration Purser for Velociraptor
SystemBC
2022-10-25 | Microsoft | Microsoft Security Threat Intelligence
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
BlackCat Mount Locker PortStarter Zeppelin Vanilla Tempest
2022-10-10 | RiskIQ | Microsoft Threat Intelligence Center (MSTIC)
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns
BlackCat Mount Locker SystemBC Zeppelin
2022-09-28 | vmware | Giovanni Vigna
ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil
2022-09-22 | ComputerWeekly | Alex Scroxton
ALPHV/BlackCat ransomware family becoming more dangerous
BlackCat BlackCat FIN7
2022-09-22 | Broadcom | Symantec Threat Hunter Team
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide
2022-09-21 | BitSight | João Batista
SystemBC: The Multipurpose Proxy Bot Still Breathes
SystemBC
2022-09-14 | SecurityScorecard | Vlad Pasca
A Detailed Analysis of the Quantum Ransomware
Mount Locker
2022-09-08 | Sentinel LABS | Aleksandar Milenkoski, Jim Walter
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
AgendaCrypt Black Basta BlackCat PLAY
2022-09-06 | CISA | CISA, FBI, MS-ISAC, US-CERT
Alert (AA22-249A) #StopRansomware: Vice Society
Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin
2022-09-06 | SecurityScorecard | Vlad Pasca
TTPs Associated With a New Version of the BlackCat Ransomware
BlackCat
2022-08-30 | Cisco | Vanja Svajcer
ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-22 | Microsoft | Microsoft
Extortion Economics - Ransomware’s new business model
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-08-11 | SecurityScorecard | Robert Ames
The Increase in Ransomware Attacks on Local Governments
BlackCat BlackCat Cobalt Strike LockBit
2022-08-11 | CISA | CISA, FBI
#StopRansomware: Zeppelin Ransomware (PDF)
Zeppelin
2022-08-11 | CISA | CISA, FBI
Alert (AA22-223A) #StopRansomware: Zeppelin Ransomware
Zeppelin
2022-07-18 | SecurityScorecard | Vlad Pasca
A Deep Dive Into ALPHV/BlackCat Ransomware
BlackCat
2022-07-14 | Sophos | Andrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-07-08 | Sekoia | sekoia
Vice Society: a discreet but steady double extortion ransomware group
HelloKitty Zeppelin
2022-06-29 | Group-IB | Andrey Zhdanov, Oleg Skulkin
Fat Cats - An analysis of the BlackCat ransomware affiliate program
BlackCat BlackCat
2022-06-23 | Kaspersky | Danila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)
BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker
2022-06-23 | Kaspersky | Danila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok
2022-06-13 | Microsoft | Microsoft Threat Intelligence
The many lives of BlackCat ransomware
BlackCat Velvet Tempest
2022-06-13 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
The many lives of BlackCat ransomware
BlackCat
2022-06-07 | AdvIntel | Marley Smith, Vitali Kremez, Yelisey Boguslavskiy
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive
BlackCat BlackCat Cobalt Strike
2022-06-01 | Jorge Testa | Jorge Testa
Killing The Bear - Alphv
BlackCat BlackCat
2022-06-01 | Elastic | Andrew Pease, Daniel Stepanic, Derek Ditch, Salim Bitam, Seth Goodwin
CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC
2022-05-24 | BitSight | BitSight, João Batista, Pedro Umbelino
Emotet Botnet Rises Again
Cobalt Strike Emotet QakBot SystemBC
2022-05-23 | Trend Micro | Trend Micro Research
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF)
BlackCat Conti LockBit
2022-05-23 | Trend Micro | Matsugaya Shingo
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022
BlackCat Conti LockBit
2022-05-20 | AdvIntel | Marley Smith, Vitali Kremez, Yelisey Boguslavskiy
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive
2022-05-19 | IBM | Charlotte Hammond, Golo Mühr, Ole Villadsen
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker WIZARD SPIDER
2022-05-11 | Kaspersky | GReAT
New ransomware trends in 2022
BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit
2022-05-09 | Microsoft | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09 | Microsoft Security | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-09 | Cybereason | Lior Rochberger
Cybereason vs. Quantum Locker Ransomware
IcedID Mount Locker
2022-04-29 | The Record | Jonathan Greig
German wind farm operator confirms cybersecurity incident
Black Basta BlackCat
2022-04-27 | ANSSI | ANSSI
LE GROUPE CYBERCRIMINEL FIN7
Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot
2022-04-21 | Forescout | Vedere Labs
Analysis of an ALPHV incident
BlackCat
2022-04-19 | FBI | FBI
FBI Flash CU-000167-MW: BlackCat/ALPHV Ransomware Indicators of Compromise
BlackCat
2022-04-18 | AdvIntel | Vitali Kremez, Yelisey Boguslavskiy
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group
AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt
2022-04-18 | Trend Micro | Leandro Froes, Lucas Silva
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
BlackCat
2022-04-12 | AhnLab | ASEC Analysis Team
SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC
2022-04-08 | The Hacker News | Ravie Lakshmanan
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
BlackCat BlackMatter BlackCat BlackMatter
2022-04-07 | Kaspersky | GReAT
A Bad Luck BlackCat
BlackCat BlackCat
2022-04-07 | Kaspersky | GReAT
A Bad Luck BlackCat
BlackCat
2022-03-27 | Bleeping Computer | Lawrence Abrams
Hive ransomware ports its Linux VMware ESXi encryptor to Rust
BlackCat Hive Hive
2022-03-23 | CrowdStrike | Falcon OverWatch Team
Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack
BlackCat
2022-03-22 | The Register | Jeff Burt
This is a BlackCat you don't want crossing your path
BlackCat BlackMatter
2022-03-17 | Cisco | Caitlin Huey, Tiago Pereira
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
BlackCat BlackMatter BlackCat BlackMatter
2022-03-16 | Symantec | Symantec Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin
2022-03-04 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
SystemBC, PowerShell version
SystemBC
2022-03-01 | Cybereason | Ohav Peri, Tom Fakterman
Cybereason vs. BlackCat Ransomware
BlackCat
2022-02-23 | Emsisoft | Senan Conrad
Ransomware Profile: ALPHV
BlackCat
2022-02-08 | Trellix | Arnab Roy
BlackCat Ransomware as a Service - The Cat is certainly out of the bag!
BlackCat BlackCat
2022-02-02 | ZDNet | Jonathan Greig
BlackCat ransomware implicated in attack on German oil companies
BlackCat BlackCat
2022-01-28 | KrebsOnSecurity | Brian Krebs
Who Wrote the ALPHV/BlackCat Ransomware Strain?
BlackCat BlackCat
2022-01-27 | Palo Alto Networks Unit 42 | Alex Hinchliffe, Amanda Tanner, Doel Santos
Threat Assessment: BlackCat Ransomware
BlackCat
2022-01-26 | Intrinsec | Intrinsec
ALPHV ransomware gang analysis
BlackCat BlackCat
2022-01-26 | Intrinsec | Intrinsec
ALPHV ransomware gang analysis
BlackCat LockBit
2022-01-26 | Varonis | Jason Hill
ALPHV (BlackCat) Ransomware
BlackCat
2022-01-19 | Mandiant | Adrian Sanchez Hernandez, Ervin James Ocampo, Paul Tarter
One Source to Rule Them All: Chasing AVADDON Ransomware
BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX
2022-01-18 | SentinelOne | Jim Walter
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims
BlackCat
2021-12-21 | Twitter (@sisoma2) | sisoma2
BlackCat Ransomware Linux variant
BlackCat
2021-12-16 | Symantec | Threat Hunter Team
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware
BlackCat
2021-12-10 | Dissecting Malware | Marius Genheimer
BlackCatConf - Static Configuration Extractor for BlackCat Ransomware
BlackCat
2021-12-10 | Medium s2wlab | S2W TALON
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration
BlackCat BlackMatter
2021-12-01 | ID Ransomware | Andrew Ivanov
BlackCat Ransomware
BlackCat
2021-11-05 | Blackberry | The BlackBerry Research & Intelligence Team
Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware
Cobalt Strike DoppelDridex Mount Locker Phobos StrongPity
2021-10-18 | The DFIR Report | The DFIR Report
IcedID to XingLocker Ransomware in 24 hours
Cobalt Strike IcedID Mount Locker
2021-10-15 | Trend Micro | Fernando Mercês
Ransomware Operators Found Using New "Franchise" Business Model
Glupteba IcedID Mount Locker
2021-08-04 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
[QuickNote] MountLocker – Some pseudo-code snippets
Mount Locker
2021-08-04 | CrowdStrike | CrowdStrike Intelligence Team, CrowdStrike IR, Falcon OverWatch Team
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity
Cobalt Strike Egregor Mount Locker Prophet Spider
2021-07-14 | Intel 471 | Intel 471
How cybercriminals create turbulence for the transportation industry
Mount Locker Nefilim
2021-06-23 | Symantec | Threat Hunter Team
Ransomware: Growing Number of Attackers Using Virtual Machines
Mount Locker
2021-06-07 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot
2021-05-23 | Chuongdong blog | Chuong Dong
MountLocker Ransomware
Mount Locker
2021-05-19 | Intel 471 | Intel 471
Look how many cybercriminals love Cobalt Strike
BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot
2021-05-18 | Github (Finch4) | Finch
Analysis of MountLocker
Mount Locker
2021-05-10 | F-Secure | Callum Roxan, Sami Ruohonen
Prelude to Ransomware: SystemBC
SystemBC
2021-05-10 | DarkTracer | DarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
2021-04-23 | GuidePoint Security | Drew Schmitt
Mount Locker Ransomware Steps up Counter-IR Capabilities, Hindering Efforts for Detection, Response and Investigation
Mount Locker
2021-04-21 | SophosLabs Uncut | Anand Aijan, Andrew Brandt, Markel Picado, Michael Wood, Sean Gallagher, Sivagnanam Gn, Suriya Natarajan
Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-01 | Reversing Labs | Robert Simmons
Code Reuse Across Packers and DLL Loaders
IcedID SystemBC
2021-03-31 | Sophos | Michael Heller
Sophos MTR in Real Time: What is Astro Locker Team?
Mount Locker
2021-02-25 | FireEye | Brendan McKeague, Bryce Abdo, Van Ta
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC
2021-02-23 | CrowdStrike | CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-03 | InfoSec Handlers Diary Blog | Brad Duncan
Excel spreadsheets push SystemBC malware
Cobalt Strike SystemBC
2020-12-23 | Dissecting Malware | Marius Genheimer
Between a rock and a hard place - Exploring Mount Locker Ransomware
Mount Locker
2020-12-16 | SophosLabs Uncut | Sean Gallagher, Sivagnanam Gn
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
SystemBC
2020-12-11 | Blackberry | BlackBerry Research and Intelligence team
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
Cobalt Strike Mount Locker
2020-11-19 | Bleeping Computer | Lawrence Abrams
Mount Locker ransomware now targets your TurboTax tax returns
Mount Locker
2020-11-13 | Bleeping Computer | Sergiu Gatlan
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
Mount Locker
2020-10-14 | Sophos | Sean Gallagher
They’re back: inside a new Ryuk ransomware attack
Cobalt Strike Ryuk SystemBC
2020-09-24 | Bleeping Computer | Lawrence Abrams
Mount Locker ransomware joins the multi-million dollar ransom game
Mount Locker
2019-07-31 | Proofpoint | Dennis Schwarz, Kade Harmon, Kafeine, Proofpoint Threat Insight Team
SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
SystemBC

Credits: MISP Project