{
  "name": "StopRansomware: Black Basta",
  "slug": "stopransomware-black-basta",
  "description": "This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Public Health. They gain initial access through phishing and exploiting vulnerabilities, employ double extortion tactics with data exfiltration and encryption, and leverage various tools for lateral movement and privilege escalation. The advisory provides mitigations and recommendations for organizations to protect against this threat.",
  "published": "2024-05-13T07:31:59+00:00",
  "created_at": "2024-05-13T07:31:59+00:00",
  "modified_at": "2024-05-13T08:00:24+00:00",
  "created_at_opencti": "2024-05-13T07:31:59+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-08",
    "2024-05-09",
    "2024-05-10",
    "2024-05-13",
    "CVE-2020-1472",
    "CVE-2021-34527",
    "CVE-2021-42278",
    "CVE-2021-42287",
    "CVE-2024-1709",
    "encryption",
    "exfiltration",
    "healthcare",
    "phishing",
    "pinkslipbot",
    "qakbot",
    "qbot",
    "quackbot",
    "ransomware"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "95.181.173.227"
      },
      {
        "id": "",
        "name": "83.243.40.10"
      },
      {
        "id": "",
        "name": "80.239.207.200"
      },
      {
        "id": "",
        "name": "64.176.219.106"
      },
      {
        "id": "",
        "name": "5.78.115.67"
      },
      {
        "id": "",
        "name": "207.126.152.242"
      },
      {
        "id": "",
        "name": "185.7.214.79"
      },
      {
        "id": "",
        "name": "185.219.221.136"
      },
      {
        "id": "",
        "name": "183.181.86.147"
      },
      {
        "id": "",
        "name": "155.138.246.122"
      },
      {
        "id": "",
        "name": "88.198.198.90"
      },
      {
        "id": "",
        "name": "46.161.27.151"
      },
      {
        "id": "",
        "name": "116.203.186.178"
      },
      {
        "id": "",
        "name": "xkpal.d6597fa.dns.blocktoday.net"
      },
      {
        "id": "",
        "name": "xkpal.1a4a64b6.dns.blocktoday.net"
      },
      {
        "id": "",
        "name": "nuher.3577125d2a75f6a277fc5714ff536c5c6af5283d928a66daad6825b9a.7aaf8bba88534e88ec89251c57b01b322c7f52c7f1a5338930ae2a50.cbb47411f60fe58f76cf79d300c03bdecfb9e83379f59d80b8494951.e10c20f77.7fcc0eb6.dns.blocktoday.net"
      },
      {
        "id": "",
        "name": "nuher.1d67bbcf4.456d87aa6.2d84dfba.dns.specialdrills.com"
      },
      {
        "id": "",
        "name": "my.2a91c002002.588027fa.dns.realbumblebee.net"
      },
      {
        "id": "",
        "name": "fy9.39d9030e5d3a8e2352daae2f4cd3c417b36f64c6644a783b9629147a1.afd8b8a4615358e0313bad8c544a1af0d8efcec0e8056c2c8eee96c7.b06d1825c0247387e38851b06be0272b0bd619b7c9636bc17b09aa70.a46890f27.588027fa.dns.realbumblebee.net"
      },
      {
        "id": "",
        "name": "dns.trailshop.net"
      },
      {
        "id": "",
        "name": "fy9.36c44903529fa273afff3c9b7ef323432e223d22ae1d625c4a3957d57.015c16eff32356bf566c4fd3590c6ff9b2f6e8c587444ecbfc4bcae7.f71995aff9e6f22f8daffe9d2ad9050abc928b8f93bb0d42682fd3c3.445de2118.588027fa.dns.realbumblebee.net"
      },
      {
        "id": "",
        "name": "dns.artspathgroupe.net"
      },
      {
        "id": "",
        "name": "0gpw.588027fa.dns.realbumblebee.net"
      },
      {
        "id": "",
        "name": "wipresolutions.com"
      },
      {
        "id": "",
        "name": "winklen.ch"
      },
      {
        "id": "",
        "name": "webnubee.com"
      },
      {
        "id": "",
        "name": "usaglobalnews.com"
      },
      {
        "id": "",
        "name": "trailcosolutions.com"
      },
      {
        "id": "",
        "name": "trailshop.net"
      },
      {
        "id": "",
        "name": "trailcocompany.com"
      },
      {
        "id": "",
        "name": "trackgroup.net"
      },
      {
        "id": "",
        "name": "topglobaltv.com"
      },
      {
        "id": "",
        "name": "tomlawcenter.com"
      },
      {
        "id": "",
        "name": "thetrailbig.net"
      },
      {
        "id": "",
        "name": "thesmartcloudusa.com"
      },
      {
        "id": "",
        "name": "technologgies.com"
      },
      {
        "id": "",
        "name": "startupmartec.net"
      },
      {
        "id": "",
        "name": "startupbuss.com"
      },
      {
        "id": "",
        "name": "specialdrills.com"
      },
      {
        "id": "",
        "name": "simorten.com"
      },
      {
        "id": "",
        "name": "securecloudmanage.com"
      },
      {
        "id": "",
        "name": "recentbeelive.com"
      },
      {
        "id": "",
        "name": "recentbee.net"
      },
      {
        "id": "",
        "name": "rasapool.net"
      },
      {
        "id": "",
        "name": "realbumblebee.net"
      },
      {
        "id": "",
        "name": "protectionek.com"
      },
      {
        "id": "",
        "name": "otxcarecosmetics.com"
      },
      {
        "id": "",
        "name": "otxcosmeticscare.com"
      },
      {
        "id": "",
        "name": "ontexcare.com"
      },
      {
        "id": "",
        "name": "oneblackwood.com"
      },
      {
        "id": "",
        "name": "onedogsclub.com"
      },
      {
        "id": "",
        "name": "myfinancialexperts.com"
      },
      {
        "id": "",
        "name": "nebraska-lawyers.com"
      },
      {
        "id": "",
        "name": "modernbeem.net"
      },
      {
        "id": "",
        "name": "magentoengineers.com"
      },
      {
        "id": "",
        "name": "limitedtoday.com"
      },
      {
        "id": "",
        "name": "kekeoamigo.com"
      },
      {
        "id": "",
        "name": "jenshol.com"
      },
      {
        "id": "",
        "name": "investrealtydom.net"
      },
      {
        "id": "",
        "name": "investmentgblog.net"
      },
      {
        "id": "",
        "name": "currentbee.net"
      },
      {
        "id": "",
        "name": "consulheartinc.com"
      },
      {
        "id": "",
        "name": "childrensdolls.com"
      },
      {
        "id": "",
        "name": "buygreenstudio.com"
      },
      {
        "id": "",
        "name": "buyblocknow.com"
      },
      {
        "id": "",
        "name": "businessprofessionalllc.com"
      },
      {
        "id": "",
        "name": "artstrailreviews.com"
      },
      {
        "id": "",
        "name": "artstrailman.com"
      },
      {
        "id": "",
        "name": "artspathgroupe.net"
      },
      {
        "id": "",
        "name": "artspathgroup.net"
      },
      {
        "id": "",
        "name": "adslsdfdsfmo.world"
      },
      {
        "id": "",
        "name": "wellsystemte.net"
      },
      {
        "id": "",
        "name": "withclier.com"
      },
      {
        "id": "",
        "name": "welausystem.net"
      },
      {
        "id": "",
        "name": "unougn.com"
      },
      {
        "id": "",
        "name": "wardeli.com"
      },
      {
        "id": "",
        "name": "unitedfrom.com"
      },
      {
        "id": "",
        "name": "treeauwin.net"
      },
      {
        "id": "",
        "name": "trailgroupl.net"
      },
      {
        "id": "",
        "name": "taskthebox.net"
      },
      {
        "id": "",
        "name": "stockinvestlab.net"
      },
      {
        "id": "",
        "name": "steamteamdev.net"
      },
      {
        "id": "",
        "name": "startuptechnologyw.net"
      },
      {
        "id": "",
        "name": "startupbusiness24.net"
      },
      {
        "id": "",
        "name": "startupbizaud.net"
      },
      {
        "id": "",
        "name": "softradar.net"
      },
      {
        "id": "",
        "name": "septcntr.com"
      },
      {
        "id": "",
        "name": "seohomee.com"
      },
      {
        "id": "",
        "name": "reelsysmoona.net"
      },
      {
        "id": "",
        "name": "prettyanimals.net"
      },
      {
        "id": "",
        "name": "mytrailinvest.net"
      },
      {
        "id": "",
        "name": "monitorsystem.net"
      },
      {
        "id": "",
        "name": "monitor-websystem.net"
      },
      {
        "id": "",
        "name": "masterunix.net"
      },
      {
        "id": "",
        "name": "maluisepaul.com"
      },
      {
        "id": "",
        "name": "kolinileas.com"
      },
      {
        "id": "",
        "name": "karmafisker.com"
      },
      {
        "id": "",
        "name": "jessvisser.com"
      },
      {
        "id": "",
        "name": "ionoslaba.com"
      },
      {
        "id": "",
        "name": "investmentrealtyhp.net"
      },
      {
        "id": "",
        "name": "investmendvisor.net"
      },
      {
        "id": "",
        "name": "getfnewssolutions.com"
      },
      {
        "id": "",
        "name": "getfnewsolutions.com"
      },
      {
        "id": "",
        "name": "gartenlofti.com"
      },
      {
        "id": "",
        "name": "garbagemoval.com"
      },
      {
        "id": "",
        "name": "erihudeg.com"
      },
      {
        "id": "",
        "name": "constrtionfirst.com"
      },
      {
        "id": "",
        "name": "cloudworldst.net"
      },
      {
        "id": "",
        "name": "clearsystemwo.net"
      },
      {
        "id": "",
        "name": "caspercan.com"
      },
      {
        "id": "",
        "name": "businesforhome.com"
      },
      {
        "id": "",
        "name": "brendonline.com"
      },
      {
        "id": "",
        "name": "bluenetworking.net"
      },
      {
        "id": "",
        "name": "auuditoe.com"
      },
      {
        "id": "",
        "name": "audsystemecll.net"
      },
      {
        "id": "",
        "name": "animalsfast.net"
      },
      {
        "id": "",
        "name": "allcompanycenter.com"
      },
      {
        "id": "",
        "name": "airbusco.net"
      },
      {
        "id": "",
        "name": "fff35c2da67eef6f1a10c585b427ac32e7f06f4e4460542207abcd62264e435f"
      },
      {
        "id": "",
        "name": "fafaff3d665b26b5c057e64b4238980589deb0dff0501497ac50be1bc91b3e08"
      },
      {
        "id": "",
        "name": "f21240e0bf9f0a391d514e34d4fa24ecb997d939379d2260ebce7c693e55f061"
      },
      {
        "id": "",
        "name": "f039eaaced72618eaba699d2985f9e10d252ac5fe85d609c217b45bc8c3614f4"
      },
      {
        "id": "",
        "name": "e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757"
      },
      {
        "id": "",
        "name": "df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415"
      },
      {
        "id": "",
        "name": "d73f6e240766ddd6c3c16eff8db50794ab8ab95c6a616d4ab2bc96780f13464d"
      },
      {
        "id": "",
        "name": "d503090431fdd99c9df3451d9b73c5737c79eda6eb80c148b8dc71e84623401f"
      },
      {
        "id": "",
        "name": "d3683beca3a40574e5fd68d30451137e4a8bbaca8c428ebb781d565d6a70385e"
      },
      {
        "id": "",
        "name": "d15bfbc181aac8ce9faa05c2063ef4695c09b718596f43edc81ca02ef03110d1"
      },
      {
        "id": "",
        "name": "c26a5cb62a78c467cc6b6867c7093fbb7b1a96d92121d4d6c3f0557ef9c881e0"
      },
      {
        "id": "",
        "name": "b6a4f4097367d9c124f51154d8750ea036a812d5badde0baf9c5f183bb53dd24"
      },
      {
        "id": "",
        "name": "b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9"
      },
      {
        "id": "",
        "name": "ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e"
      },
      {
        "id": "",
        "name": "acb60f0dd19a9a26aaaefd3326db8c28f546b6b0182ed2dcc23170bcb0af6d8f"
      },
      {
        "id": "",
        "name": "a7b36482ba5bca7a143a795074c432ed627d6afa5bc64de97fa660faa852f1a6"
      },
      {
        "id": "",
        "name": "9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc"
      },
      {
        "id": "",
        "name": "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be"
      },
      {
        "id": "",
        "name": "90ba27750a04d1308115fa6a90f36503398a8f528c974c5adc07ae8a6cd630e7"
      },
      {
        "id": "",
        "name": "8c68b2a794ba3d148cae91bdf9c8d357289752a94118b5558418a36d95a5a45f"
      },
      {
        "id": "",
        "name": "88c8b472108e0d79d16a1634499c1b45048a10a38ee799054414613cc9dccccc"
      },
      {
        "id": "",
        "name": "882019d1024778e13841db975d5e60aaae1482fcf86ba669e819a68ce980d7d3"
      },
      {
        "id": "",
        "name": "86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737"
      },
      {
        "id": "",
        "name": "8501e14ee6ee142122746333b936c9ab0fc541328f37b5612b6804e6cdc2c2c6"
      },
      {
        "id": "",
        "name": "819cb9bcf62be7666db5666a693524070b0df589c58309b067191b30480b0c3a"
      },
      {
        "id": "",
        "name": "808c96cb90b7de7792a827c6946ff48123802959635a23bf9d98478ae6a259f9"
      },
      {
        "id": "",
        "name": "723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224"
      },
      {
        "id": "",
        "name": "7ad4324ea241782ea859af12094f89f9a182236542627e95b6416c8fb9757c59"
      },
      {
        "id": "",
        "name": "69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944"
      },
      {
        "id": "",
        "name": "5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa"
      },
      {
        "id": "",
        "name": "62e63388953bb30669b403867a3ac2c8130332cf78133f7fd4a7f23cdc939087"
      },
      {
        "id": "",
        "name": "5b2178c7a0fd69ab00cef041f446e04098bbb397946eda3f6755f9d94d53c221"
      },
      {
        "id": "",
        "name": "5942143614d8ed34567ea472c2b819777edd25c00b3e1b13b1ae98d7f9e28d43"
      },
      {
        "id": "",
        "name": "58ddbea084ce18cfb3439219ebcf2fc5c1605d2f6271610b1c7af77b8d0484bd"
      },
      {
        "id": "",
        "name": "51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e"
      },
      {
        "id": "",
        "name": "4ac69411ed124da06ad66ee8bfbcea2f593b5b199a2c38496e1ee24f9d04f34a"
      },
      {
        "id": "",
        "name": "462bbb8fd7be98129aa73efa91e2d88fa9cafc7b47431b8227d1957f5d0c8ba7"
      },
      {
        "id": "",
        "name": "42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78"
      },
      {
        "id": "",
        "name": "3c65da7f7bfdaf9acc6445abbedd9c4e927d37bb9e3629f34afc338058680407"
      },
      {
        "id": "",
        "name": "3c50f6369f0938f42d47db29a1f398e754acb2a8d96fd4b366246ac2ccbe250a"
      },
      {
        "id": "",
        "name": "3a8fc07cadc08eeb8be342452636a754158403c3d4ebff379a4ae66f8298d9a6"
      },
      {
        "id": "",
        "name": "39939eacfbc20a2607064994497e3e886c90cd97b25926478434f46c95bd8ead"
      },
      {
        "id": "",
        "name": "37a5cd265f7f555f2fe320a68d70553b7aa9601981212921d1ac2c114e662004"
      },
      {
        "id": "",
        "name": "360c9c8f0a62010d455f35588ef27817ad35c715a5f291e43449ce6cb1986b98"
      },
      {
        "id": "",
        "name": "350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd"
      },
      {
        "id": "",
        "name": "3337a7a9ccdd06acdd6e3cf4af40d871172d0a0e96fc48787b574ac93689622a"
      },
      {
        "id": "",
        "name": "3090a37e591554d7406107df87b3dc21bda059df0bc66244e8abef6a5678af35"
      },
      {
        "id": "",
        "name": "1c1b2d7f790750d60a14bd661dae5c5565f00c6ca7d03d062adcecda807e1779"
      },
      {
        "id": "",
        "name": "17879ed48c2a2e324d4f5175112f51b75f4a8ab100b8833c82e6ddb7cd817f20"
      },
      {
        "id": "",
        "name": "17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90"
      },
      {
        "id": "",
        "name": "0a8297b274aeab986d6336b395b39b3af1bb00464cf5735d1ecdb506fef9098e"
      },
      {
        "id": "",
        "name": "07117c02a09410f47a326b52c7f17407e63ba5e6ff97277446efc75b862d2799"
      },
      {
        "id": "",
        "name": "05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431"
      },
      {
        "id": "",
        "name": "0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a"
      },
      {
        "id": "",
        "name": "034b5fe047920b2ae9493451623633b14a85176f5eea0c7aadc110ea1730ee79"
      },
      {
        "id": "",
        "name": "0112e3b20872760dda5f658f6b546c85f126e803e27f0577b294f335ffa5a298"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:377bd4885db797c7",
        "name": "QuackBot",
        "slug": "quackbot"
      },
      {
        "id": "legacy:malware:ecd8aac2625e41b0",
        "name": "Pinkslipbot",
        "slug": "pinkslipbot"
      },
      {
        "id": "legacy:malware:22b21da1c67d36f3",
        "name": "QakBot - S0650",
        "slug": "qakbot-s0650"
      },
      {
        "id": "legacy:malware:45b112b45fbe9a59",
        "name": "QBot",
        "slug": "qbot"
      }
    ],
    "intrusion_sets": [
      {
        "id": "1a54c017-233a-4c2a-8a82-5511f51d03a8",
        "name": "Black Basta",
        "slug": "black-basta"
      }
    ],
    "attack_patterns": [
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2021-42287"
      },
      {
        "id": "",
        "name": "CVE-2021-42278"
      },
      {
        "id": "",
        "name": "CVE-2024-1709"
      },
      {
        "id": "",
        "name": "CVE-2021-34527"
      },
      {
        "id": "",
        "name": "CVE-2020-1472"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Public Health"
      },
      {
        "id": "",
        "name": "Healthcare"
      }
    ]
  },
  "external_refs": [
    "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a",
    "https://otx.alienvault.com/pulse/6641de0f085ac4fc0c55aec4"
  ]
}