SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.blackbasta (Back to overview)

Black Basta


ESXi encrypting ransomware, using a combination of the stream cipher ChaCha20 and RSA.

References
2023-03-30United States District Court (Eastern District of New York)Microsoft, Fortra, HEALTH-ISAC
@techreport{microsoft:20230330:cracked:08c67c0, author = {Microsoft and Fortra and HEALTH-ISAC}, title = {{Cracked Cobalt Strike (1:23-cv-02447)}}, date = {2023-03-30}, institution = {United States District Court (Eastern District of New York)}, url = {https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9).pdf}, language = {English}, urldate = {2023-04-28} } Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-01-25Quadrant Information SecurityQuadrant Information Security
@online{security:20230125:technical:eb69781, author = {Quadrant Information Security}, title = {{Technical Analysis: Black Basta Malware Overview}}, date = {2023-01-25}, organization = {Quadrant Information Security}, url = {https://quadrantsec.com/resource/technical-analysis/black-basta-malware-overview}, language = {English}, urldate = {2023-02-21} } Technical Analysis: Black Basta Malware Overview
Black Basta Black Basta
2022-10-31CynetMax Malyutin
@online{malyutin:20221031:orion:49e3b5c, author = {Max Malyutin}, title = {{Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware}}, date = {2022-10-31}, organization = {Cynet}, url = {https://www.cynet.com/blog/orion-threat-alert-qakbot-ttps-arsenal-and-the-black-basta-ransomware/}, language = {English}, urldate = {2022-11-15} } Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware
Black Basta Cobalt Strike QakBot
2022-09-28vmwareGiovanni Vigna
@online{vigna:20220928:esxitargeting:bd1ce9a, author = {Giovanni Vigna}, title = {{ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)}}, date = {2022-09-28}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html}, language = {English}, urldate = {2022-10-10} } ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil

There is no Yara-Signature yet.