Black Basta Ransomware: What You Need to Know
Essential information
- Published
- 20/09/2024 11:21
- Modified
- 20/09/2024 11:41
- Tags
- 2024-09-20 black basta ransomware
- Related entities
- 6 vulnerabilities (cve), 82 observables, 1 intrusion sets (apt), 15 techniques (mitre), 7 malware, 3 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (6)
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 11/04/2022
- Modified
- 20/12/2025
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 11/04/2022
- Modified
- 20/12/2025
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM …
- Attack vector
- Local
- Published
- 13/06/2024
- Modified
- 21/12/2025
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …
- Attack vector
- Network
- Published
- 22/02/2024
- Modified
- 28/02/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Observables (82)
-
ab1a3f8a0510ffa3c043bc200fe357c9ce220ea916f50b8b5b454027ef935c54 -
a54fef5fe2af58f5bd75c3af44f1fba22b721f34406c5963b19c5376ab278cd1 -
a199c9d91a1e7c7051ec40f0a3a51143aa9f06af47a2a5f0e2dd235d7e1fe386 -
9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7 -
9f188b2f4aa6a5ff3a6fb9048a20c5566f25bd9fb313ed1ba1d332fadd82690f -
7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a -
699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76 -
5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173 -
53a06b78d89fe3f981ff32cd7a66f31e099d4bbaac36d7c64ed08d615d314408 -
5211ad84270862e68026ce8e6c15c1f8499551e19d2967c349b46d3f8cfcdcaa -
50f45122fdd5f8ca05668a385a734a278aa126ded185c3377f6af388c41788cb -
4b83aaecddfcb8cf5caeff3cb30fee955ecfc3eea97d19dccf86f24c77c41fc4
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (15)
-
Windows Service MITRE
-
Inhibit System Recovery MITRE
-
Windows Command Shell MITRE
-
PowerShell MITRE
-
Virtualization/Sandbox Evasion MITRE
-
Disable or Modify Tools MITRE
-
Malicious File MITRE
-
Data Encrypted for Impact MITRE
-
File and Directory Discovery MITRE
-
Windows Management Instrumentation MITRE
-
Masquerading MITRE
-
Modify Registry MITRE
Malware (7)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[QakBot](https://attack.mitre.org/software/S0650) is a modular banking trojan that has been used primarily by financially-motivated actors since at least 2007. [QakBot](https://attack.mitre.org/software/S0650) is continuously maintained and developed and has evolved from…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Family
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100
[SystemBC](https://attack.mitre.org/software/S9001) is a malware family offered as a malware-as-a-service (MaaS) that is used to establish command and control and facilitate follow-on activity, including ransomware deployment.[SystemBC](https://attack.mitre.org/software/S9001) executes a variety…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Family
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (3)
-
Australia
-
United States of America
-
Critical Infrastructure