SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.blackbasta (Back to overview)

Black Basta

ESXi encrypting ransomware, using a combination of the stream cipher ChaCha20 and RSA.

References
2025-03-18TrellixJambul Tologonov, John Fokker
Analysis of Black Basta Ransomware Chat Leaks
Black Basta Black Basta
2025-03-18ExpelAARON WALTON
Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back)
Black Basta Black Basta
2025-03-12YouTube (John Hammond)John Hammond
LEAKED Russian Hackers Internal Chats
Black Basta Black Basta
2025-03-10LevelBlueKen Ng
Prevent, Detect, Contain: LevelBlue MDR’s Guide Against Black Basta Affiliates’ Attacks
Black Basta Black Basta ReedBed
2025-03-06flareEstelle Ruellan, Oleg Lypko, Tammy Harper
Deciphering Black Basta’s Infrastructure from the Chat Leak
Black Basta Black Basta
2025-03-05eSentireSpence Hutchinson
Initial Takeaways from the Black Basta Chat Leaks
Black Basta Black Basta
2025-03-03Trend MicroAdam O'Connor, Catherine Loveria, Gabriel Cardoso, Ian Kenefick, Jack Walsh, Jovit Samaniego, Lucas Silva, Stephen Carbery
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
Black Basta Black Basta Cactus ReedBed
2025-03-02ropgadget.comJeff White
Pivoting on Black Basta's (leaked) Infrastructure
Black Basta Black Basta
2025-03-01LeMagITValéry Rieß-Marchive
Ransomware : de REvil à Black Basta, que sait-on de Tramp ?
Black Basta Black Basta
2025-02-28Intel 471Intel 471
Black Basta exposed: A look at a cybercrime data leak
Black Basta Black Basta
2025-02-22CrowdStrikeCrowdStrike
Wandering Spider
Black Basta Black Basta GOLD REBELLION
2025-01-31ConnectWiseBlake Eakin
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks
Black Basta Black Basta ReedBed
2024-07-29MicrosoftCharles-Edouard Bettan, Danielle Kuznets Nohi, Edan Zwick, Meitar Pinto, Vaibhav Deshmukh
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Black Basta Black Basta Storm-0506
2024-05-15StairwellThreat Research at Stairwell
Stairwell threat report: Black Basta overview and detection rules
Black Basta Black Basta
2024-05-10CISACISA
AA24-131A: #StopRansomware: Black Basta
Black Basta Black Basta
2024-05-10Rapid7 LabsEvan McCann, Thomas Elkins, Tyler McGraw
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Black Basta Black Basta Cobalt Strike NetSupportManager RAT
2023-03-30United States District Court (Eastern District of New York)Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-20PWCPWC
Cyber Threats 2022: A Year in Retrospect
Black Basta Black Basta Earth Lusca GOLD REBELLION
2023-01-25Quadrant Information SecurityQuadrant Information Security
Technical Analysis: Black Basta Malware Overview
Black Basta Black Basta
2022-10-31CynetMax Malyutin
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware
Black Basta Cobalt Strike QakBot
2022-09-28vmwareGiovanni Vigna
ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil

There is no Yara-Signature yet.