216.73.217.22

Black Basta Ransomware: What You Need to Know

· Published 20/09/2024 11:21 · Modified 20/09/2024 11:41

Export JSON

Essential information

Published
20/09/2024 11:21
Modified
20/09/2024 11:41
Tags
2024-09-20 black basta ransomware
Related entities
6 vulnerabilities (cve), 82 observables, 1 intrusion sets (apt), 15 techniques (mitre), 7 malware, 3 others

Description

is a -as-a-service group that emerged in April 2022, known for double extortion tactics. They target organizations globally, particularly in North America, Europe, and Australia, affecting over 500 entities across various industries. Initial access is gained through phishing, Qakbot, Cobalt Strike, and vulnerability exploitation. The group uses tools like Mimikatz for credential theft and lateral movement. Their process involves data exfiltration using Rclone, followed by file encryption using the ChaCha20 algorithm. The disables system defenses, deletes shadow copies, and leaves a ransom note. has been linked to the FIN7 threat actor due to similarities in EDR evasion techniques.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (6)

CVE-2021-42287 KEV

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Published
11/04/2022
Modified
20/12/2025
CVE-2021-42278 KEV

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Published
11/04/2022
Modified
20/12/2025
CVE-2024-26169 KEV
7.8 High

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM …

Attack vector
Local
Published
13/06/2024
Modified
21/12/2025
CVE-2024-1709 KEV
10.0 Critical

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …

Attack vector
Network
Published
22/02/2024
Modified
28/02/2026
CVE-2021-34527 KEV

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …

Published
03/11/2021
Modified
20/12/2025
CVE-2020-1472 KEV
5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector
Local
Published
03/11/2021
Modified
27/05/2026

Observables (82)

  • kekeoamigo.com
  • f14c7eacdb39f1decdcf1e68f57c87340968fede1dc0391b2b082f58bd3a3f93
  • df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
  • dd32c037ed9b72acb6eda4f5193c7f1adc1e7e8d2aefcdd4b16de2f48420e1d3
  • dc56a30c0082145ad5639de443732e55dd895a5f0254644d1b1ec1b9457f04ff
  • d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9
  • d8e9e06b7adea939bcc135876f4e8a1d3719120e8ad9d4d72812ffd1dbee62fc
  • d1949c75e7cb8e57f52e714728817ce323f6980c8c09e161c9e54a1e72777c13
  • cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa
  • b18b40f513bae376905e259d325c12f9d700ee95f0d908a4d977a80c0420d52e
  • affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada
  • ab913b3bb637447f33add3c7020d353389738e4d532b905caed04c7c7f399277
  • ab1a3f8a0510ffa3c043bc200fe357c9ce220ea916f50b8b5b454027ef935c54
  • a54fef5fe2af58f5bd75c3af44f1fba22b721f34406c5963b19c5376ab278cd1
  • a199c9d91a1e7c7051ec40f0a3a51143aa9f06af47a2a5f0e2dd235d7e1fe386
  • 9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7
  • 9f188b2f4aa6a5ff3a6fb9048a20c5566f25bd9fb313ed1ba1d332fadd82690f
  • 7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a
  • 699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76
  • 5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173
  • 53a06b78d89fe3f981ff32cd7a66f31e099d4bbaac36d7c64ed08d615d314408
  • 5211ad84270862e68026ce8e6c15c1f8499551e19d2967c349b46d3f8cfcdcaa
  • 50f45122fdd5f8ca05668a385a734a278aa126ded185c3377f6af388c41788cb
  • 4b83aaecddfcb8cf5caeff3cb30fee955ecfc3eea97d19dccf86f24c77c41fc4
  • 48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb
  • 46be54f719ee76af15099de6e337b05a0a442c813e815bbed92a71135cfd9ab2
  • 449d87ca461823bb85c18102605e23997012b522c4272465092e923802a745e9
  • 3eb22320da23748f76f2ce56f6f627e4255bc81d09ffb3a011ab067924d8013b
  • 21033cd24a9d775d7daa7bbc5c5b007553f205ac0febb6bae3fa35c700676bda
  • 203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b
  • 1ed076158c8f50354c4dba63648e66c013c2d3673d76ac56582204686aae6087
  • 1d040540c3c2ed8f73e04c578e7fb96d0b47d858bbb67e9b39ec2f4674b04250
  • 15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4
  • 1391c20a26f248f7c602f20096bf1886cfe7e4d151602a1258a9bbe7c02c1c80
  • 0db7a0327192710c403e021cbfc3902d75c729b3ba59d87159bf8f59a151a481
  • 0da309cc4f0d21c76c26d7b4f1c65bb1659908f191edb01d76ff22c8dabef0b1
  • 0c964ac2f65f270eb19982b04ae346e72976bdf19b88ffd2308700dcce2b5ec0
  • 0bce6dc27d2cbdc231b563427c3489ddc69a0a88012abccd49b32c931dd93a81
  • 09bc7247b50a166996b667b9a6e696cfbafa203ffcbec46ad0cca27deacd5c25
  • fff35c2da67eef6f1a10c585b427ac32e7f06f4e4460542207abcd62264e435f
  • fafaff3d665b26b5c057e64b4238980589deb0dff0501497ac50be1bc91b3e08
  • f039eaaced72618eaba699d2985f9e10d252ac5fe85d609c217b45bc8c3614f4
  • e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757
  • df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415
  • d73f6e240766ddd6c3c16eff8db50794ab8ab95c6a616d4ab2bc96780f13464d
  • d15bfbc181aac8ce9faa05c2063ef4695c09b718596f43edc81ca02ef03110d1
  • b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9
  • ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e
  • acb60f0dd19a9a26aaaefd3326db8c28f546b6b0182ed2dcc23170bcb0af6d8f
  • a7b36482ba5bca7a143a795074c432ed627d6afa5bc64de97fa660faa852f1a6
  • 9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc
  • 96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
  • 90ba27750a04d1308115fa6a90f36503398a8f528c974c5adc07ae8a6cd630e7
  • 88c8b472108e0d79d16a1634499c1b45048a10a38ee799054414613cc9dccccc
  • 882019d1024778e13841db975d5e60aaae1482fcf86ba669e819a68ce980d7d3
  • 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737
  • 723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224
  • 7ad4324ea241782ea859af12094f89f9a182236542627e95b6416c8fb9757c59
  • 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944
  • 5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa
  • 62e63388953bb30669b403867a3ac2c8130332cf78133f7fd4a7f23cdc939087
  • 5b2178c7a0fd69ab00cef041f446e04098bbb397946eda3f6755f9d94d53c221
  • 5942143614d8ed34567ea472c2b819777edd25c00b3e1b13b1ae98d7f9e28d43
  • 58ddbea084ce18cfb3439219ebcf2fc5c1605d2f6271610b1c7af77b8d0484bd
  • 51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e
  • 462bbb8fd7be98129aa73efa91e2d88fa9cafc7b47431b8227d1957f5d0c8ba7
  • 42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78
  • 3c50f6369f0938f42d47db29a1f398e754acb2a8d96fd4b366246ac2ccbe250a
  • 39939eacfbc20a2607064994497e3e886c90cd97b25926478434f46c95bd8ead
  • 37a5cd265f7f555f2fe320a68d70553b7aa9601981212921d1ac2c114e662004
  • 360c9c8f0a62010d455f35588ef27817ad35c715a5f291e43449ce6cb1986b98
  • 350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd
  • 3337a7a9ccdd06acdd6e3cf4af40d871172d0a0e96fc48787b574ac93689622a
  • 3090a37e591554d7406107df87b3dc21bda059df0bc66244e8abef6a5678af35
  • 1c1b2d7f790750d60a14bd661dae5c5565f00c6ca7d03d062adcecda807e1779
  • 17879ed48c2a2e324d4f5175112f51b75f4a8ab100b8833c82e6ddb7cd817f20
  • 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90
  • 0a8297b274aeab986d6336b395b39b3af1bb00464cf5735d1ecdb506fef9098e
  • 07117c02a09410f47a326b52c7f17407e63ba5e6ff97277446efc75b862d2799
  • 05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431
  • 0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a
  • 1fd42d07b4be99e0e503c0ed5af2274312be1b03e01b54a6d89c0eef04257d6e

Intrusion sets (APT) (1)

  • Black Basta
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:18 · Modified 20/12/2025 21:18

Techniques (MITRE) (15)

Malware (7)

  • Black Basta - S1070
    Family
    Published 05/02/2026 20:21 · Modified 05/02/2026 20:21
  • QuackBot
    Family
    Published 01/04/2025 14:48 · Modified 01/04/2025 14:48
  • Pinkslipbot
    Family
    Published 01/04/2025 14:48 · Modified 01/04/2025 14:48
  • QakBot - S0650
    Family
    Published 01/04/2025 14:48 · Modified 01/04/2025 14:48
  • SystemBC
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • QBot
    Family
    Published 01/04/2025 14:48 · Modified 01/04/2025 14:48
  • Cobalt Strike - S0154
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40

Others (3)

  • Australia
  • United States of America
  • Critical Infrastructure

External references