216.73.217.22

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

· Published 09/12/2024 22:32 · Modified 11/12/2024 17:09

Export JSON

Essential information

Published
09/12/2024 22:32
Modified
11/12/2024 17:09
Tags
2024-12-09 blackbasta darkgate ransomware zbot
Related entities
72 observables, 1 intrusion sets (apt), 14 techniques (mitre), 3 malware

Description

A resurgence of activity related to the Black Basta campaign has been observed since early October. The threat actors have refined their tactics, introducing new malware payloads, improved delivery methods, and enhanced defense evasion techniques. The attacks begin with email bombing of target users, followed by social engineering attempts via Microsoft Teams. Operators impersonate IT staff and trick users into installing remote management tools. Once access is gained, they deploy credential harvesters, , , and custom malware. The campaign has been linked to Black Basta deployments in the past, highlighting its serious nature. The attackers continue to update their strategies and tools rapidly, demonstrating sophisticated and persistent threat behavior.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (72)

  • 93.185.159.253
  • 91.212.166.91
  • 8.211.34.166
  • 8.209.111.227
  • 66.78.40.86
  • 46.8.236.61
  • 46.8.232.106
  • 212.232.22.140
  • 193.29.13.60
  • 185.238.169.17
  • 185.229.66.224
  • 184.174.97.32
  • 147.28.163.206
  • 145.223.116.66
  • 109.172.88.38
  • 109.172.87.135
  • 94.103.85.114
  • 88.214.25.32
  • 65.87.7.151
  • 188.130.206.243
  • 185.130.47.96
  • 179.60.149.194
  • 172.81.60.122
  • 45.61.152.154
  • doc2.docu-duplicator.com
  • doc1.docu-duplicator.com
  • doc.docu-duplicator.com
  • dns.winsdesignater.com
  • summerrain.cloud
  • posetoposeschool.com
  • mailh.org
  • dropmeafile.com
  • crystallakehotels.com
  • brownswer.com
  • blazingradiancesolar.com
  • bigdealcenter.world
  • fb444e7bb7c8f48207ceeba8bad9c2b9ae9c726ac28916c5be5390ba67c2c77c
  • ef28a572cda7319047fbc918d60f71c124a038cd18a02000c7ab413677c5c161
  • ee79f4e87e0b393c952b478c9a30f35802c09f93e899ecf6b40d8d6625188031
  • ec669387150865b59bbf98b41a770235ba4fd632aab33433c2d493460ef52479
  • ebbe6a9e1188e2ee1651b5c68b6b508fb52b9e8896dbbeb0f4e126961ba94982
  • c69ab262ac3f73277c4b9a777a408f57feb618e2e00bc2e66e8d97274083c742
  • d90afa08e38c15bb3e48187e436645b42d4d856e219242cb6c33085c4c1611db
  • c675130390b4ee16ea72dea30807939b1306d373c5b7ffe0cf1d2afaffc402b6
  • c50271cc3e26651a5b5384894490c7153c56b86435e61b5ca206f8e9c5c5542f
  • c4942f989530f09b499978721d282998eaa77be31a4361ac6250f1df721decb9
  • 9a21ec5a25dfe7ca51d4a843a96bfb6e650dc999d3b6d4bd771571359b3bea0a
  • 95a6c06ac691bec0ac2140b6590c96488feb8bc6c3ca501d1fe8ee7cbf9d0f8b
  • 97daf5e1b2519a655397173fb5af346f9435fb4acf097d10ad4ffde464d21c09
  • 729f08249b9f55f17fe7762d6c41c619127e0a7798194b7ff18f06003ff3d041
  • 71e08a89ecdfac3bb490bec6c4115cfd71de744897fd8b7dd7383646e911858e
  • 717aed4c123a3cde0695818f7038c1092d9dcd7c910ac5ddba96d5e348e1337f
  • 67c8bc21bbdcc59f7fd2b0a6f0f6c98f0076a0142e94cb3f158155e0ca9ac71a
  • 5e9fbae0b94f6e36717bbd2c997981ba438d7efd800e76924f73452a69c04051
  • 5fef7a5db4b1c216c9fc37d55143e5b635e8833d82f95004bb4fb47060fdf447
  • 57d8296dd901491d37e7c79d0fe95188f3b7c94affc71c8e732daea8369cfa4f
  • 4f30d975121d44705a79c4f5c8aeba80d8c97c8ef10c86fee011b99f12b173b4
  • 474ba7f2fb18b7b55fc077513cda6f6d36fb79e58065c556724ea049a392e327
  • 42ffc3eb728ccc83cf4f115c6a3e32c01ef80869b9f2c4f2d62a7a88c7bf4bc2
  • 3b7e06f1ccaa207dc331afd6f91e284fec4b826c3c427dffd0432fdc48d55176
  • 38ee04ee9d3b3912013d54483d8f822eebd0367408b369bc09f46cb339a54313
  • 2f5301125627331f56db76046d177493d8b0a814cdd9cafad3981aad97383163
  • 2a8a49d9c25d786a5108a53d0b3281677b299540f54580a7b49aa8de78ec0ee1
  • 1896ab744e436ca52a1c6c64a4608dbb8e5597e35d13be1f3c56bc65eb44e532
  • 1656c55c8516bd650fe59b71a5886ecf508deb927ed3c8465cf0ad5923c35958
  • 14aad4fcc77e5fd7e7782c9c5714d1a4187e60e75a765b71d5d41b920bbae31a
  • 146494eb276fc4539bffa6896b958e29a417a5959a5c10d100caf48514b66864
  • 0482dc9c6ed46e247682e1d4ae5c5a037ef0b66f3b22af9ae25ac072028dd7a2
  • db34e255aa4d9f4e54461571469b9dd53e49feed3d238b6cfb49082de0afb1e4
  • a9f2c4bc268765fc6d72d8e00363d2440cf1dcbd1ef7ee08978959fc118922c9
  • 49405370a33abbf131c5d550cebe00780cc3fd3cbe888220686582ae88f16af7
  • 22c5858ff8c7815c34b4386c3b4c83f2b8bb23502d153f5d8fb9f55bd784e764

Intrusion sets (APT) (1)

  • BlackBasta
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:14 · Modified 21/12/2025 03:14

Techniques (MITRE) (14)

Malware (3)

External references