SYMBOL | COMMON_NAME | aka. SYNONYMS
elf.darkside

DarkSide


There is no description at this point.

References
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
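% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
@online{team:20210914:big:b345561,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {Big Game Hunting {TTPs} Continue to Shift After {DarkSide} Pipeline Attack},
  date         = {2021-09-14},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/},
  language     = {English},
  urldate      = {2021-09-19},
}
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack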
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-08-06Group-IBAndrey Zhdanov
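@online{zhdanov:20210806:its:e5b4483,
  author       = {Zhdanov, Andrey},
  title        = {It's alive! {The} story behind the {BlackMatter} ransomware strain},
  date         = {2021-08-06},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/blackmatter#},
  language     = {English},
  urldate      = {2021-08-09},
}
It's alive! The story behind the BlackMatter ransomware strain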
BlackMatter DarkSide BlackMatter DarkSide
2021-08-05KrebsOnSecurityBrian Krebs
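@online{krebs:20210805:ransomware:0962b82,
  author       = {Krebs, Brian},
  title        = {Ransomware Gangs and the Name Game Distraction},
  date         = {2021-08-05},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/},
  language     = {English},
  urldate      = {2021-08-06},
}
Ransomware Gangs and the Name Game Distraction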
DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Ransomware Maze RansomEXX REvil Ryuk Sekhmet
2021-06-22MaltegoMaltego Team, Intel 471
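% Both authors are organizations, so each is double-braced; the ampersand in the title is escaped for LaTeX.
@online{team:20210622:chasing:91032a1,
  author       = {{Maltego Team} and {Intel 471}},
  title        = {Chasing {DarkSide} Affiliates: Identifying Threat Actors Connected to {Darkside} Ransomware Using {Maltego} \& {Intel 471}},
  date         = {2021-06-22},
  organization = {Maltego},
  url          = {https://www.maltego.com/blog/chasing-darkside-affiliates-identifying-threat-actors-connected-to-darkside-ransomware-using-maltego-intel-471-1/},
  language     = {English},
  urldate      = {2021-06-23},
}
Chasing DarkSide Affiliates: Identifying Threat Actors Connected to Darkside Ransomware Using Maltego & Intel 471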
DarkSide DarkSide
2021-06-22AT&TOfer Caspi
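% The ampersand in the organization name is escaped for LaTeX.
@online{caspi:20210622:darkside:2889f3c,
  author       = {Caspi, Ofer},
  title        = {{Darkside} {RaaS} in {Linux} version},
  date         = {2021-06-22},
  organization = {AT\&T},
  url          = {https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version},
  language     = {English},
  urldate      = {2021-06-24},
}
Darkside RaaS in Linux version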
DarkSide
2021-06-21AlienVaultAT&T Alien Labs
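% Corporate author, double-braced, with the ampersand escaped.
% NOTE(review): same title as caspi:20210622:darkside:2889f3c; this looks like the OTX pulse
% published alongside that blog post. Confirm before citing both as independent sources.
@online{labs:20210621:darkside:9f1da07,
  author       = {{AT\&T Alien Labs}},
  title        = {{Darkside} {RaaS} in {Linux} version},
  date         = {2021-06-21},
  organization = {AlienVault},
  url          = {https://otx.alienvault.com/pulse/60d0afbc395c24edefb33bb9},
  language     = {English},
  urldate      = {2021-06-22},
}
Darkside RaaS in Linux version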
DarkSide
2021-06-07Department of JusticeOffice of Public Affairs
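% Corporate author is double-braced; the dollar sign is escaped so LaTeX does not enter math mode.
@online{affairs:20210607:department:d8a05d5,
  author       = {{Office of Public Affairs}},
  title        = {{Department of Justice} Seizes \$2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists {Darkside}},
  date         = {2021-06-07},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside},
  language     = {English},
  urldate      = {2021-06-09},
}
Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside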
DarkSide
2021-06-03Medium s2wlabHyunmin Suh, Denise Dasom Kim, Jungyeon Lim, YH Jeong
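@online{suh:20210603:w1:f034ac8,
  author       = {Suh, Hyunmin and Kim, Denise Dasom and Lim, Jungyeon and Jeong, YH},
  title        = {{W1 Jun} | {EN} | Story of the week: Ransomware on the {Darkweb}},
  date         = {2021-06-03},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b},
  language     = {English},
  urldate      = {2021-06-16},
}
W1 Jun | EN | Story of the week: Ransomware on the Darkweb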
DarkSide Babuk DarkSide
2021-06-02CrowdStrikeJosh Dalman, Heather Smith
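@online{dalman:20210602:under:2e7083b,
  author       = {Dalman, Josh and Smith, Heather},
  title        = {Under Attack: Protecting Against {Conti}, {DarkSide}, {REvil} and Other Ransomware},
  date         = {2021-06-02},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/},
  language     = {English},
  urldate      = {2021-06-09},
}
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware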
DarkSide Conti DarkSide REvil
2021-05-28Trend MicroMina Nalim
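@online{nalim:20210528:darkside:5eb7387,
  author       = {Nalim, Mina},
  title        = {{DarkSide} on {Linux}: Virtual Machines Targeted},
  date         = {2021-05-28},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/e/darkside-linux-vms-targeted.html},
  language     = {English},
  urldate      = {2021-06-01},
}
DarkSide on Linux: Virtual Machines Targeted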
DarkSide
2021-05-24MIT Technology ReviewDaniel Golden, Renee Dudley
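@online{golden:20210524:colonial:5724053,
  author       = {Golden, Daniel and Dudley, Renee},
  title        = {The {Colonial} pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms},
  date         = {2021-05-24},
  organization = {MIT Technology Review},
  url          = {https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/},
  language     = {English},
  urldate      = {2021-06-16},
}
The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms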
DarkSide DarkSide
2021-05-20Digital ShadowsStefano De Blasi
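% Comma form keeps the compound surname "De Blasi" together; the citation key is left unchanged.
@online{blasi:20210520:ransomwareasaservice:c7173c4,
  author       = {De Blasi, Stefano},
  title        = {Ransomware-as-a-Service, Rogue Affiliates, and What’s Next},
  date         = {2021-05-20},
  organization = {Digital Shadows},
  url          = {https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/},
  language     = {English},
  urldate      = {2021-05-26},
}
Ransomware-as-a-Service, Rogue Affiliates, and What’s Next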
DarkSide DarkSide REvil
2021-05-19The Wall Street JournalCollin Eaton
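% The dollar sign is escaped so LaTeX does not enter math mode.
@online{eaton:20210519:colonial:8185b82,
  author       = {Eaton, Collin},
  title        = {{Colonial Pipeline} {CEO} Tells Why He Paid Hackers a \$4.4 Million Ransom},
  date         = {2021-05-19},
  organization = {The Wall Street Journal},
  url          = {https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636},
  language     = {English},
  urldate      = {2021-05-19},
}
Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom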
DarkSide DarkSide
2021-05-18The RecordCatalin Cimpanu
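% The dollar sign is escaped so LaTeX does not enter math mode.
@online{cimpanu:20210518:darkside:14b6690,
  author       = {Cimpanu, Catalin},
  title        = {{Darkside} gang estimated to have made over \$90 million from ransomware attacks},
  date         = {2021-05-18},
  organization = {The Record},
  url          = {https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/},
  language     = {English},
  urldate      = {2021-05-19},
}
Darkside gang estimated to have made over $90 million from ransomware attacks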
DarkSide DarkSide Mailto Maze REvil Ryuk
2021-05-18EllipticTom Robinson
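% The dollar sign is escaped so LaTeX does not enter math mode.
@online{robinson:20210518:darkside:c1451b1,
  author       = {Robinson, Tom},
  title        = {{DarkSide} Ransomware has Netted Over \$90 million in {Bitcoin}},
  date         = {2021-05-18},
  organization = {Elliptic},
  url          = {https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin},
  language     = {English},
  urldate      = {2021-05-19},
}
DarkSide Ransomware has Netted Over $90 million in Bitcoin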
DarkSide DarkSide
2021-05-18Bleeping ComputerIonut Ilascu
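% The dollar sign is escaped so LaTeX does not enter math mode.
@online{ilascu:20210518:darkside:d8e345b,
  author       = {Ilascu, Ionut},
  title        = {{DarkSide} ransomware made \$90 million in just nine months},
  date         = {2021-05-18},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/},
  language     = {English},
  urldate      = {2021-06-07},
}
DarkSide ransomware made $90 million in just nine months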
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk
2021-05-17GigamonJoe Slowik
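@online{slowik:20210517:tracking:060c759,
  author       = {Slowik, Joe},
  title        = {Tracking {DarkSide} and Ransomware: The Network View},
  date         = {2021-05-17},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/},
  language     = {English},
  urldate      = {2021-05-17},
}
Tracking DarkSide and Ransomware: The Network View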
DarkSide DarkSide
2021-05-14The RecordCatalin Cimpanu
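% The ampersand in the title is escaped for LaTeX.
@online{cimpanu:20210514:darkside:2760169,
  author       = {Cimpanu, Catalin},
  title        = {{Darkside} ransomware gang says it lost control of its servers \& money a day after {Biden} threat},
  date         = {2021-05-14},
  organization = {The Record},
  url          = {https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/},
  language     = {English},
  urldate      = {2021-05-17},
}
Darkside ransomware gang says it lost control of its servers & money a day after Biden threat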
DarkSide Avaddon REvil
2021-05-14KrebsOnSecurityBrian Krebs
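@online{krebs:20210514:darkside:0a2cf92,
  author       = {Krebs, Brian},
  title        = {{DarkSide} Ransomware Gang Quits After Servers, {Bitcoin} Stash Seized},
  date         = {2021-05-14},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/},
  language     = {English},
  urldate      = {2021-05-17},
}
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized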
DarkSide
2021-05-14Intel 471Intel 471
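% Corporate author is double-braced so "Intel 471" is not parsed as given name "Intel", surname "471".
@online{471:20210514:moral:83d138a,
  author       = {{Intel 471}},
  title        = {The moral underground? {Ransomware} operators retreat after {Colonial Pipeline} hack},
  date         = {2021-05-14},
  organization = {Intel 471},
  url          = {https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime},
  language     = {English},
  urldate      = {2021-05-17},
}
The moral underground? Ransomware operators retreat after Colonial Pipeline hack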
DarkSide DarkSide
2021-05-14Bleeping ComputerLawrence Abrams
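@online{abrams:20210514:darkside:5169afb,
  author       = {Abrams, Lawrence},
  title        = {{DarkSide} ransomware servers reportedly seized, {REvil} restricts targets},
  date         = {2021-05-14},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/},
  language     = {English},
  urldate      = {2021-05-17},
}
DarkSide ransomware servers reportedly seized, REvil restricts targets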
DarkSide DarkSide
2021-05-14EllipticDr. Tom Robinson
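% The honorific "Dr." is dropped from the name so this author matches robinson:20210518:darkside:c1451b1.
@online{robinson:20210514:elliptic:0c14d0e,
  author       = {Robinson, Tom},
  title        = {{Elliptic} Follows the {Bitcoin} Ransoms Paid by {Colonial Pipeline} and Other {DarkSide} Ransomware Victims},
  date         = {2021-05-14},
  organization = {Elliptic},
  url          = {https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims},
  language     = {English},
  urldate      = {2021-05-17},
}
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims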
DarkSide DarkSide
2021-05-14GuidePoint SecurityDrew Schmitt
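@online{schmitt:20210514:from:944b5f1,
  author       = {Schmitt, Drew},
  title        = {From {ZLoader} to {DarkSide}: A Ransomware Story},
  date         = {2021-05-14},
  organization = {GuidePoint Security},
  url          = {https://www.guidepointsecurity.com/from-zloader-to-darkside-a-ransomware-story/},
  language     = {English},
  urldate      = {2021-05-17},
}
From ZLoader to DarkSide: A Ransomware Story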
DarkSide Cobalt Strike Zloader
2021-05-14McAfeeRaj Samani, Christiaan Beek
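@online{samani:20210514:darkside:e0b6b8d,
  author       = {Samani, Raj and Beek, Christiaan},
  title        = {{Darkside} Ransomware Victims Sold Short},
  date         = {2021-05-14},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/darkside-ransomware-victims-sold-short/},
  language     = {English},
  urldate      = {2021-05-17},
}
Darkside Ransomware Victims Sold Short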
DarkSide
2021-05-13Bleeping ComputerLawrence Abrams
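% The dollar sign is escaped so LaTeX does not enter math mode.
@online{abrams:20210513:chemical:86f4f4a,
  author       = {Abrams, Lawrence},
  title        = {Chemical distributor pays \$4.4 million to {DarkSide} ransomware},
  date         = {2021-05-13},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/},
  language     = {English},
  urldate      = {2021-05-17},
}
Chemical distributor pays $4.4 million to DarkSide ransomware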
DarkSide DarkSide
2021-05-13Bleeping ComputerLawrence Abrams
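@online{abrams:20210513:popular:62e98c8,
  author       = {Abrams, Lawrence},
  title        = {Popular {Russian} hacking forum {XSS} bans all ransomware topics},
  date         = {2021-05-13},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/},
  language     = {English},
  urldate      = {2021-05-17},
}
Popular Russian hacking forum XSS bans all ransomware topics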
DarkSide DarkSide LockBit REvil
2021-05-13The RecordCatalin Cimpanu
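@online{cimpanu:20210513:popular:278e039,
  author       = {Cimpanu, Catalin},
  title        = {Popular hacking forum bans ransomware ads},
  date         = {2021-05-13},
  organization = {The Record},
  url          = {https://therecord.media/popular-hacking-forum-bans-ransomware-ads/},
  language     = {English},
  urldate      = {2021-05-17},
}
Popular hacking forum bans ransomware ads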
DarkSide DarkSide
2021-05-13ABC NewsJustin Gomez
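% The opening quote uses a backtick so LaTeX typesets a proper opening quotation mark.
@online{gomez:20210513:dont:4c0730c,
  author       = {Gomez, Justin},
  title        = {`Don't panic,' {Biden} tells {Americans} facing gasoline shortages from pipeline attack},
  date         = {2021-05-13},
  organization = {ABC News},
  url          = {https://abcnews.go.com/Politics/biden-speak-colonial-pipeline-attack-americans-face-gasoline/story?id=77666212},
  language     = {English},
  urldate      = {2021-05-17},
}
'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack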
DarkSide
2021-05-13Stranded on Pylos BlogJoe Slowik
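@online{slowik:20210513:mind:66194c8,
  author       = {Slowik, Joe},
  title        = {Mind the (Air) Gap},
  date         = {2021-05-13},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2021/05/13/mind-the-air-gap/},
  language     = {English},
  urldate      = {2021-05-17},
}
Mind the (Air) Gap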
DarkSide
2021-05-13SecureworksCounter Threat Unit ResearchTeam
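% Corporate author, double-braced; the fused "ResearchTeam" is written as two words.
@online{researchteam:20210513:ransomware:1c6898a,
  author       = {{Counter Threat Unit Research Team}},
  title        = {Ransomware Groups Use {Tor}-Based Backdoor for Persistent Access},
  date         = {2021-05-13},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/ransomware-groups-use-tor-based-backdoor-for-persistent-access},
  language     = {English},
  urldate      = {2021-05-26},
}
Ransomware Groups Use Tor-Based Backdoor for Persistent Access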
DarkSide Snatch GOLD WATERFALL
2021-05-12SecurityScorecardRyan Sherstobitoff
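@online{sherstobitoff:20210512:new:06b17ad,
  author       = {Sherstobitoff, Ryan},
  title        = {New Evidence Supports Assessment that {DarkSide} Likely Responsible for {Colonial Pipeline} Ransomware Attack; Others Targeted},
  date         = {2021-05-12},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted},
  language     = {English},
  urldate      = {2021-05-17},
}
New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted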
DarkSide DarkSide
2021-05-01Twitter (@JAMESWT_MHT)JamesWT
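% The author is an account handle, braced as a single name; the underscore in the organization
% field is escaped because that field is typeset as ordinary text.
@online{jameswt:20210501:linux:150fb0f,
  author       = {{JamesWT}},
  title        = {Tweet on linux version of {DarkSide} ransomware},
  date         = {2021-05-01},
  organization = {Twitter (@JAMESWT\_MHT)},
  url          = {https://twitter.com/JAMESWT_MHT/status/1388301138437578757},
  language     = {English},
  urldate      = {2021-05-13},
}
Tweet on linux version of DarkSide ransomware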
DarkSide DarkSide
2021-03-09Youtube (SANS Digital Forensics and Incident Response)Eric Loui, Sergei Frankoff
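% The ampersand in the title is escaped for LaTeX; speaker and event names are braced to keep their casing.
@online{loui:20210309:jackpotting:1dcc95b,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {Jackpotting {ESXi} Servers For Maximum Encryption | {Eric Loui} \& {Sergei Frankoff} | {SANS CTI Summit} 2021},
  date         = {2021-03-09},
  organization = {Youtube (SANS Digital Forensics and Incident Response)},
  url          = {https://www.youtube.com/watch?v=qxPXxWMI2i4},
  language     = {English},
  urldate      = {2021-05-31},
}
Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021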
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
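% The utm_* tracking parameters are removed from the URL; the remaining link is the one that
% loui:2021:hypervisor:ade976a already records for the same post.
@online{loui:20210226:hypervisor:8dadf9c,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {Hypervisor Jackpotting: {CARBON SPIDER} and {SPRITE SPIDER} Target {ESXi} Servers With Ransomware to Maximize Impact},
  date         = {2021-02-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/},
  language     = {English},
  urldate      = {2021-05-26},
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact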
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
2021CrowdStrikeEric Loui, Sergei Frankoff
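% NOTE(review): same CrowdStrike post as loui:20210226:hypervisor:8dadf9c, recorded here with a
% year-only date. Cite one of the two keys consistently so the post is not counted twice.
@online{loui:2021:hypervisor:ade976a,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {Hypervisor Jackpotting: {CARBON SPIDER} and {SPRITE SPIDER} Target {ESXi} Servers With Ransomware to Maximize Impact},
  date         = {2021},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/},
  language     = {English},
  urldate      = {2021-05-31},
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact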
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2020-09-29PWC UKAndy Auld
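@online{auld:20200929:whats:2782a62,
  author       = {Auld, Andy},
  title        = {What's behind the increase in ransomware attacks this year?},
  date         = {2020-09-29},
  organization = {PWC UK},
  url          = {https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html},
  language     = {English},
  urldate      = {2021-05-25},
}
What's behind the increase in ransomware attacks this year?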
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker
2020-05-29The New York TimesAndrew E. Kramer, Michael Schwirtz, Anton Troianovski
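% Date corrected from 2020-05-29 to 2021-05-29: the URL path carries 2021/05/29.
% The citation key keeps its original 20200529 stamp so existing citations still resolve.
@online{kramer:20200529:secret:f7c5498,
  author       = {Kramer, Andrew E. and Schwirtz, Michael and Troianovski, Anton},
  title        = {Secret Chats Show How Cybergang Became a Ransomware Powerhouse},
  date         = {2021-05-29},
  organization = {The New York Times},
  url          = {https://www.nytimes.com/2021/05/29/world/europe/ransomware-russia-darkside.html},
  language     = {English},
  urldate      = {2021-06-09},
}
Secret Chats Show How Cybergang Became a Ransomware Powerhouse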
DarkSide
2020-05-28CrowdStrikeThe Crowdstrike Intel Team
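% Corporate author is double-braced so it is kept as one name.
% NOTE(review): the 2020-05-28 date is a year earlier than the other pipeline-attack coverage
% on this page (all May 2021), and the urldate is 2021-06-09. The year is probably 2021; confirm
% against the post before using this entry in a timeline.
@online{team:20200528:darkside:d2622a9,
  author       = {{The Crowdstrike Intel Team}},
  title        = {{DarkSide} Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape},
  date         = {2020-05-28},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-ransomware-adversaries-reacted-to-the-darkside-pipeline-attack/},
  language     = {English},
  urldate      = {2021-06-09},
}
DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape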
DarkSide DarkSide
2020-05-26DataBreaches.netDissent
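% The author is a pseudonym, braced as a single name.
% NOTE(review): the 2020-05-26 date is earlier than every other DarkSide reference on this page
% except two similarly dated entries, and the urldate is 2021-06-09. The year is probably 2021;
% confirm against the post.
@online{dissent:20200526:former:dcfe145,
  author       = {{Dissent}},
  title        = {A former {DarkSide} listing shows up on {REvil}’s leak site},
  date         = {2020-05-26},
  organization = {DataBreaches.net},
  url          = {https://www.databreaches.net/a-former-darkside-listing-shows-up-on-revils-leak-site/},
  language     = {English},
  urldate      = {2021-06-09},
}
A former DarkSide listing shows up on REvil’s leak site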
DarkSide REvil
2020-05-18CrowdStrikeKaran Sood, Shaun Hurley, Liviu Arsene
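% NOTE(review): the 2020-05-18 date is a year earlier than the May 2021 shutdown coverage listed
% on this page, and the urldate is 2021-06-09. The year is probably 2021; confirm against the post.
@online{sood:20200518:darkside:a32cfcd,
  author       = {Sood, Karan and Hurley, Shaun and Arsene, Liviu},
  title        = {{DarkSide} Goes Dark: How {CrowdStrike Falcon} Customers Were Protected},
  date         = {2020-05-18},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-protects-from-darkside-ransomware/},
  language     = {English},
  urldate      = {2021-06-09},
}
DarkSide Goes Dark: How CrowdStrike Falcon Customers Were Protected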
DarkSide DarkSide

There is no Yara-Signature yet.