Pulse name: BlackBasta ransomware
TLP: WHITE | Author: PetrP.73 | Created: 2025-02-25 | Modified: 2025-03-27
The Conti ransomware group has splintered into multiple threat groups, including Black Basta, which has emerged as one of the most significant ransomware threats. Analysis observed that Black Basta compromised over 50 organizations in the United States, United Kingdom, Australia, New Zealand, and Canada in just two months, indicating the group's high success rate in compromising organizations. The latest version of the ransomware is likely to enhance its ability to evade antivirus and EDR systems.
Indicators of Compromise (20)