SYMBOLCOMMON_NAMEaka. SYNONYMS
win.exmatter (Back to overview)

ExMatter

Exfiltration tool written in .NET, used by at least one BlackMatter ransomware operator.

References
2022-11-09NetskopeGustavo Palazolo
@online{palazolo:20221109:blackcat:8205dee, author = {Gustavo Palazolo}, title = {{BlackCat Ransomware: Tactics and Techniques From a Targeted Attack}}, date = {2022-11-09}, organization = {Netskope}, url = {https://www.netskope.com/blog/blackcat-ransomware-tactics-and-techniques-from-a-targeted-attack}, language = {English}, urldate = {2022-11-18} } BlackCat Ransomware: Tactics and Techniques From a Targeted Attack
BlackCat ExMatter
2022-06-28AccentureAccenture
@online{accenture:20220628:stealbit:ec9bb0e, author = {Accenture}, title = {{Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools}}, date = {2022-06-28}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/security/stealbit-exmatter-exfiltration-tool-analysis}, language = {English}, urldate = {2022-09-26} } Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools
ExMatter StealBit
2022-03-22KrollCole Manaster, Pierson Clair
@online{manaster:20220322:analyzing:908d98b, author = {Cole Manaster and Pierson Clair}, title = {{Analyzing Exmatter: A Ransomware Data Exfiltration Tool}}, date = {2022-03-22}, organization = {Kroll}, url = {https://www.kroll.com/en/insights/publications/cyber/analyzing-exmatter-ransomware-data-exfiltration-tool}, language = {English}, urldate = {2022-04-29} } Analyzing Exmatter: A Ransomware Data Exfiltration Tool
ExMatter
2021-11-19Twitter (@knight0x07)neeraj
@online{neeraj:20211119:exmatter:c7d7d45, author = {neeraj}, title = {{Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group}}, date = {2021-11-19}, organization = {Twitter (@knight0x07)}, url = {https://twitter.com/knight0x07/status/1461787168037240834?s=20}, language = {English}, urldate = {2021-11-29} } Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter
2021-11-01SymantecThreat Hunter Team
@online{team:20211101:blackmatter:9be0505, author = {Threat Hunter Team}, title = {{BlackMatter: New Data Exfiltration Tool Used in Attacks}}, date = {2021-11-01}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackmatter-data-exfiltration}, language = {English}, urldate = {2022-09-20} } BlackMatter: New Data Exfiltration Tool Used in Attacks
ExMatter

There is no Yara-Signature yet.