BlackMatter
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:35
- Modified
- 21/12/2025 02:27
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 50 attack patterns (mitre), 4 intrusion sets (apt), 5 sectors, 64 indicators, 3 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (50)
-
T1070.001 usesClear Windows Event Logs MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1095 usesNon-Application Layer Protocol MITRE
-
T1014 usesRootkit MITRE
-
T1082 usesSystem Information Discovery MITRE
-
T1134 usesAccess Token Manipulation MITRE
-
T1007 usesSystem Service Discovery MITRE
-
T1471 MITRE
-
T1081 uses
-
T1583 usesAcquire Infrastructure MITRE
-
T1530 usesData from Cloud Storage MITRE
Intrusion sets (APT) (4)
-
Kasseika usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC4466 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (5)
-
Retail targets
-
Heavy industries targets
-
Healthcare targets
-
Hospitality targets
-
Banking institutions targets
Indicators (64)
-
stix 100/100 Revoked· Valid until 28/04/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/03/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 25/12/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 28/04/2025 · Source: AlienVault
-
stix 100/100 Revoked
mpress_2_xx_x86
· Valid until 26/09/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 05/03/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/03/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 28/04/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/01/2024 · Source: AlienVault
Vulnerabilities (CVE) (3)
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a …
- Published
- 07/04/2023
- Modified
- 21/12/2025