Black Basta Ransomware: What You Need to Know
Essential information
- Published: 20/09/2024 11:21
- Modified: 20/09/2024 11:41
- Tags: 2024-09-20 black basta ransomware
- Related entities: 6 vulnerabilities (cve), 82 observables, 1 intrusion sets (apt), 15 techniques (mitre), 7 malware, 3 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (6)
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
- Published: 11/04/2022
- Modified: 20/12/2025
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
- Published: 11/04/2022
- Modified: 20/12/2025
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM …
- Attack vector: Local
- Published: 13/06/2024
- Modified: 21/12/2025
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …
- Attack vector: Network
- Published: 22/02/2024
- Modified: 28/02/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published: 03/11/2021
- Modified: 20/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector: Local
- Published: 03/11/2021
- Modified: 27/05/2026
Observables (82)
Intrusion sets (APT) (1)
- AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Techniques (MITRE) (15)
- Windows Service
- Inhibit System Recovery
- Windows Command Shell
- PowerShell
- Virtualization/Sandbox Evasion
- Disable or Modify Tools
- Malicious File
- Data Encrypted for Impact
- File and Directory Discovery
- Windows Management Instrumentation
- Masquerading
- Modify Registry
Malware (7)
- Family
- Family
- Family
- Family
- AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
  [SystemBC](https://attack.mitre.org/software/S9001) is a malware family offered as a malware-as-a-service (MaaS) that is used to establish command and control and facilitate follow-on activity, including ransomware deployment. [SystemBC](https://attack.mitre.org/software/S9001) executes a variety…
- Family
- AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Others (3)
- Australia
- United States of America
- Critical Infrastructure