BlackCat
Name: BlackCat, ALPHV, ALPHVM, Noberus
Category: Malware
Type: Ransomware, Big Game Hunting
Targeted OS: Windows & Linux
Description: (Palo Alto) The malware itself is coded in the Rust programming language. Though this is not the first piece of malware to use Rust, it is one of the first, if not the first, piece of ransomware to use it. By leveraging this programming language, the malware authors are able to easily compile it against various operating system architectures. Given its numerous native options, Rust is highly customizable, which facilitates the ability to pivot and individualize attacks.
Information
https://unit42.paloaltonetworks.com/blackcat-ransomware/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware
https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/
https://www.intrinsec.com/alphv-ransomware-gang-analysis/
https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/
https://www.varonis.com/blog/alphv-blackcat-ransomware
https://cybersecurity.att.com/blogs/labs-research/blackcat-ransomware
https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware
https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
https://securelist.com/a-bad-luck-blackcat/106254/
https://www.darkreading.com/attacks-breaches/blackcat-purveyor-shows-ransomware-operators-have-nine-lives
https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html
https://www.ic3.gov/Media/News/2022/220420.pdf
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
Malpedia
https://malpedia.caad.fkie.fraunhofer.de/details/win.blackcat
https://malpedia.caad.fkie.fraunhofer.de/details/elf.blackcat
Alienvault OTX
Playbook
CISA
Other Information
Mitre
Mitre Techniques
Mitre Techniques Navigator Link
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
NIL
['T1548', 'T1134', 'T1087', 'T1059', 'T1486', 'T1491', 'T1561', 'T1083', 'T1222', 'T1070', 'T1490', 'T1570', 'T1112', 'T1135', 'T1069', 'T1018', 'T1489', 'T1082', 'T1033', 'T1047']