{ "type": "URL", "indicator": "https://send.vis.ee/download/b0ab053e7be94117/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://send.vis.ee/download/b0ab053e7be94117/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4059263908, "indicator": "https://send.vis.ee/download/b0ab053e7be94117/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6806a8e5ee2f5e916e13ea6f", "name": "Inside Black Basta: Ransomware Resilience and Evolution After the Leak", "description": "The Black Basta ransomware group has demonstrated remarkable resilience and adaptability following a significant leak of their internal communications. This leak has provided deep insights into their operations, revealing how they exploit both known and unknown vulnerabilities across various network and security devices. The group's ability to evolve and persist in their attacks poses a substantial threat to organizations worldwide.", "modified": "2025-05-21T20:00:40.207000", "created": "2025-04-21T20:21:57.381000", "tags": [ "black basta", "microsoft", "citrix", "esxi", "powershell", "storm2410", "storm1674", "remote access", "commandline", "basta", "anydesk", "this", "evolution", "shell", "exploit" ], "references": [ "https://medium.com/detect-fyi/inside-black-basta-ransomware-resilience-and-evolution-after-the-leak-1fd691e7cade" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Black Basta", "display_name": "Black Basta", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 22, "hostname": 2, "FileHash-SHA256": 2 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "375 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://medium.com/detect-fyi/inside-black-basta-ransomware-resilience-and-evolution-after-the-leak-1fd691e7cade" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Black basta" ], "industries": [], "unique_indicators": 29 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/vis.ee", "whois": "http://whois.domaintools.com/vis.ee", "domain": "vis.ee", "hostname": "send.vis.ee" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6806a8e5ee2f5e916e13ea6f", "name": "Inside Black Basta: Ransomware Resilience and Evolution After the Leak", "description": "The Black Basta ransomware group has demonstrated remarkable resilience and adaptability following a significant leak of their internal communications. This leak has provided deep insights into their operations, revealing how they exploit both known and unknown vulnerabilities across various network and security devices. The group's ability to evolve and persist in their attacks poses a substantial threat to organizations worldwide.", "modified": "2025-05-21T20:00:40.207000", "created": "2025-04-21T20:21:57.381000", "tags": [ "black basta", "microsoft", "citrix", "esxi", "powershell", "storm2410", "storm1674", "remote access", "commandline", "basta", "anydesk", "this", "evolution", "shell", "exploit" ], "references": [ "https://medium.com/detect-fyi/inside-black-basta-ransomware-resilience-and-evolution-after-the-leak-1fd691e7cade" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Black Basta", "display_name": "Black Basta", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 22, "hostname": 2, "FileHash-SHA256": 2 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "375 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://send.vis.ee/download/b0ab053e7be94117/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://send.vis.ee/download/b0ab053e7be94117/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780322828.2532468 }