Ransomfeed

Profile, status and statistics (since 12-01-2020)

Cyber gang details

Gang profile by OSINT sources: [source: 0]

ALPHV, also known as BlackCat or Noberus, is a ransomware family that is deployed as part of Ransomware as a Service (RaaS) operations. ALPHV is written in the Rust programming language and supports execution on Windows, Linux-based operating systems (Debian, Ubuntu, ReadyNAS, Synology), and VMware ESXi. ALPHV is marketed as ALPHV on cybercrime forums, but is commonly called BlackCat by security researchers due to an icon of a black cat appearing on its leak site. ALPHV has been observed being deployed in ransomware attacks since November 18, 2021. ALPHV can be configured to encrypt files using either the AES or ChaCha20 algorithms. In order to maximize the amount of ransomed data, ALPHV can delete volume shadow copies, stop processes and services, and stop virtual machines on ESXi servers. ALPHV can self-propagate by using PsExec to remotely execute itself on other hosts on the local network.

Alerts: aka blackcat - fileserver `ihoqnxnvdwybrv6kiteiesjc3ic6du6axtv3arouxr6ddswrxa2wrbyd.onion`


Statistics

| No. of claims | 2024 | 2023 | 2022 |
|---|---|---|---|
| 705 | 53 | 416 | 236 |

URLs

| Onion source | Last title | Status | Last scrape | Tor version |
|---|---|---|---|---|
| alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion | THIS WEBSITE HAS BEEN SEIZED | 🔴 | 19-12-2023 | 3 |
| alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion | THIS WEBSITE HAS BEEN SEIZED | 🔴 | 19-12-2023 | 3 |
| 2cuqgeerjdba2rhdiviezodpu3lc4qz2sjf4qin6f7std2evleqlzjid.onion | | 🔴 | 01-05-2021 | 3 |
| vqifktlreqpudvulhbzmc5gocbeawl67uvs2pttswemdorbnhaddohyd.onion | | 🔴 | 07-06-2023 | 3 |
| alphvuzxyxv6ylumd2ngp46xzq3pw6zflomrghvxeuks6kklberrbmyd.onion | THIS WEBSITE HAS BEEN SEIZED | 🔴 | 09-03-2024 | 3 |

Useful material

Research URLs, source: 0

https://blog.group-ib.com/blackcat
https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf
https://community.riskiq.com/article/47766fbd
https://documents.trendmicro.com/assets/pdf/datasheet-ransomware-in-Q1-2022.pdf
https://github.com/f0wl/blackCatConf
https://github.com/rivitna/Malware/tree/main/BlackCat/ALPHV3
https://go.kaspersky.com/rs/802-IJN-240/images/TR_BlackCat_Report.pdf
https://id-ransomware.blogspot.com/2021/12/blackcat-ransomware.html
https://killingthebear.jorgetesta.tech/actors/alphv
https://krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain/
https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf
https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809
https://mssplab.github.io/threat-hunting/2023/07/13/malware-analysis-blackcat.html
https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/
https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9).pdf
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v
https://securelist.com/a-bad-luck-blackcat/106254/
https://securelist.com/modern-ransomware-groups-ttps/106824/
https://securityscorecard.com/blog/ttps-associated-with-new-version-of-blackcat-ransomware
https://securityscorecard.com/research/deep-dive-into-alphv-blackcat-ransomware
https://securityscorecard.com/research/the-increase-in-ransomware-attacks-on-local-governments
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor
https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html
https://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/
https://unit42.paloaltonetworks.com/blackcat-ransomware/
https://www.advintel.io/post/blackcat-in-a-shifting-threat-landscape-it-helps-to-land-on-your-feet-tech-dive
https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape
https://www.advintel.io/post/enter-karakurt-data-extortion-arm-of-prolific-ransomware-group
https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/
https://www.computerweekly.com/news/252525240/ALPHV-BlackCat-ransomware-family-becoming-more-dangerous
https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/
https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware
https://www.ic3.gov/Media/News/2022/220420.pdf
https://www.intrinsec.com/alphv-ransomware-gang-analysis
https://www.intrinsec.com/alphv-ransomware-gang-analysis/
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
https://www.netskope.com/blog/blackcat-ransomware-tactics-and-techniques-from-a-targeted-attack
https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/
https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/blackcat-ransomware-as-a-service.html
https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html
https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-conti-and-blackcat-lead-pack-amid-rise-in-active-raas-and-extortion-groups-ransomware-in-q1-2022
https://www.varonis.com/blog/alphv-blackcat-ransomware
https://www.zdnet.com/article/blackcat-ransomware-implicated-in-attack-on-german-oil-companies/

Ransom notes

This script collects every criminal claim exactly as published by the sources ("As Is" model) in an SQL database to create a permanent feed, which can also be followed via RSS.
The engine is based on the ransomFeed project, forked on GitHub.