← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The-Ultimate-Black-basta-chat-leak
WHITE PetrP.73 2025-02-27 Modified: 2025-03-29
63
IOCs
HIGH VOLUME
Black Basta ransomware is actively exploiting Veeam Backup & Replication and Atlassian Confluence vulnerabilities for initial access and privilege escalation. Leaked chats reveal a structured attack strategy targeting unpatched enterprise systems. Immediate patching and enhanced monitoring are recommended to mitigate risk.
commandlineaccountnameeventidnewprocessnametimegeneratedveeamanydeskpowershellsharenameobjectnamelockbitmimikatzransomwarelsassprocdumphelldownbuddynetscanblackbastadownloadtriggerrealvncchatstringspikabotdefenderreconpsexecpersistencemetasploitsoarkillblack bastaatomic redzimbrasocks proxycobalt strikenetcatexecutionteamamadeyshellformbookdatelookcontiagentteslamonitoringmeterpreterencodedcommandkaliaprilfebruaryaugustbatloaderdefensetargetmanipulationqbotexploitspeednullpythonuserinittoolsprojectsentinelblackexample
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (5 / 63 total)
All CIDR CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 472a5f070458763f00a60ea310ad1312 MD5 of 6a5702c106666c1b89bcb12a450d393e6506fa387865328d06e1e230d4782548 2025-02-27
FileHash-MD5 5748e201ac18944dd2ae67287944a5ee 2025-02-27
FileHash-MD5 685d0cf6a7f9a3f12b98110fcc16d717 2025-02-27
FileHash-MD5 aa34141ea0a31372751154ab34f1fc73 MD5 of e19dfc72ad2eea815ef6b4eb9b812471b3bb3cf40333d97e3c552c87db86e65a 2025-02-27
FileHash-MD5 ad45748672878683e5a4bb38e41a583d MD5 of c5793613219a782eb08205921a3f9ed97c2c74de18e0cd36008046d1a5e1288e 2025-02-27
References (2)
↗ https://osintteam.blog/the-ultimate-black-basta-chat-leak-part-2-veeam-confluence-8b766c2182ac ↗ https://osintteam.blog/black-basta-playbook-chat-leak-d5036936166d