Rapid7: Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Rapid7 reports a resurgence of activity from Black Basta ransomware operators in early October 2024 with new malware payloads, improved delivery, and increased defense evasion. They provide a technical analysis of the attack lifecycle. Indicators of compromise provided at their GitHub repo, and TTPs are mapped to MITRE ATT&CK.
#blackbasta #ransomware #cybercrime #ioc #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
Not Simon the Goat /
npub1ce…mclln
2024-12-04 16:03:00
Author Public Key
npub1cetfz9z5qtn3lly58p3t4hmxxqhy0vml22z5g8rve3vjesg5gzxs6mcllnPublished at
2024-12-04 16:03:00Event JSON
{
"id": "ef5ca0fd0bb2db218ea8205c4660a6e6e1f698b5a1617e4dee2581fa36df0528",
"pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d",
"created_at": 1733328180,
"kind": 1,
"tags": [
[
"t",
"BlackBasta"
],
[
"t",
"ransomware"
],
[
"t",
"cybercrime"
],
[
"t",
"ioc"
],
[
"t",
"threatintel"
],
[
"t",
"infosec"
],
[
"t",
"cybersecurity"
],
[
"t",
"cyberthreatintelligence"
],
[
"t",
"cti"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113595395625515647",
"activitypub"
]
],
"content": "Rapid7: Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware\nRapid7 reports a resurgence of activity from Black Basta ransomware operators in early October 2024 with new malware payloads, improved delivery, and increased defense evasion. They provide a technical analysis of the attack lifecycle. Indicators of compromise provided at their GitHub repo, and TTPs are mapped to MITRE ATT\u0026CK.\n\n#blackbasta #ransomware #cybercrime #ioc #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI",
"sig": "b694ccc107c18a3db39d30f02059bc79fff0ff9e0aa2ec945e619d299c726b47e9a4a678f473b40d98b29c4e49a76160af478fa49b19712a43e886bab394be87"
}