Pulse Detail — Threat Intelligence

PULSE NAME

Fake Zoom Ends in BlackSuit Ransomware – The DFIR Report

WHITE CyberHunter_NL 2025-04-01 Modified: 2025-05-01

IOCs

HIGH VOLUME

A look back at some of the key moments in a cyber-attack that took place in May 2024 and led to BlackSuit ransomware being successfully executed across all Windows systems, including the entire Windows operating system.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1018 T1021 T1033 T1047 T1059 T1069 T1071 T1082 T1087 T1102 T1105 T1127 T1134 T1135 T1189 T1204 T1218 T1482 T1486 T1490 T1518 T1547 T1560 T1564 T1567 T1569 T1570 T1572 T1104 T1546 T1106 T1530 T1176 T1110 T1055

MALWARE FAMILIES

SectopRAT NIDS BlackSuit Cobalt Strike

Indicators of Compromise (14 / 59 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	4b22032954a12677675add0de20d7b94	—	2025-04-01
FileHash-MD5	5b8ebe43ded7ba460e4827206329375a	MD5 of df774b96aa6f7ba914e7d6c1e3c448170e2e419e	2025-04-01
FileHash-MD5	80110fbb81d0407340b908bb43c815d3	—	2025-04-01
FileHash-MD5	8477ef317b8974e18ed84ca69b9f6a08	—	2025-04-01
FileHash-MD5	85144918f213e38993383f0745d7e41e	—	2025-04-01
FileHash-MD5	91f69fa3439f843b51c878688963e574	—	2025-04-01
FileHash-MD5	9bddb0e95a03fdcea4c62210f5818184	—	2025-04-01
FileHash-MD5	9fb4770ced09aae3b437c1c6eb6d7334	—	2025-04-01
FileHash-MD5	c0230d748e61819d9dfad0da03fe6ec8	—	2025-04-01
FileHash-MD5	d1ba9412e78bfc98074c5d724a1a87d6	—	2025-04-01
FileHash-MD5	d98fb34b4fa0f83d02e3272f1cb9c5fc	—	2025-04-01
FileHash-MD5	eae6cd02784743cde314afb8c533c5cd	—	2025-04-01
FileHash-MD5	f91fbe09b593fb1104b30e3343afb392	—	2025-04-01
FileHash-MD5	ffb3755897b8d38ccc70b9c3baa38960	—	2025-04-01

References (1)

↗ https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/#indicators