← Back to Pulse Feed
PULSE DETAIL
Members of the Conti ransomware group appear to have splintered into multiple threat groups including BlackBasta, which has become one of the most significant ransomware threats. ThreatLabz has observed more than five victims that have been compromised by BlackBasta 2.0 since the new version’s release in mid-November 2022. This demonstrates that the threat group is very successful at compromising organizations and the latest version of the ransomware will likely enable them to better evade antivirus and EDRs.
MITRE ATT&CK & Malware Families
Indicators of Compromise (13)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA256 | 07117c02a09410f47a326b52c7f17407e63ba5e6ff97277446efc75b862d2799 | — | 2022-12-02 | |
| FileHash-SHA256 | 350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd | — | 2022-12-02 | |
| FileHash-SHA256 | 51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e | — | 2022-12-02 | |
| FileHash-SHA256 | c4c8be0c939e4c24e11bad90549e3951b7969e78056d819425ca53e87af8d8ed | — | 2022-12-02 | |
| FileHash-SHA256 | e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757 | — | 2022-12-02 | |
| URL | https://downloads.level.io/level.msi | — | 2025-02-06 | |
| URL | https://bashupload.com/uCiPm/SENT_Kill[.]zip | — | 2025-02-06 | |
| domain | bashupload.com | — | 2025-02-06 | |
| domain | temp.sh | — | 2025-02-06 | |
| FileHash-SHA1 | 08274fbe89bbc3fb5da9c463b33f707749bc2cfa | — | 2025-02-06 | |
| FileHash-SHA1 | f550adb28f966c90fe47605c013587346f074021 | — | 2025-02-06 | |
| FileHash-SHA1 | 9b43a8b4034deabb35d920053949d79f7d189eb4 | — | 2025-02-06 | |
| FileHash-MD5 | 5748e201ac18944dd2ae67287944a5ee | — | 2025-02-21 |