ALPHV, also known as BlackCat or Noberus, is a ransomware family deployed as part of Ransomware-as-a-Service (RaaS) operations. ALPHV is written in the Rust programming language and supports execution on Windows, Linux-based operating systems (Debian, Ubuntu, ReadyNAS, Synology), and VMware ESXi. ALPHV is marketed as ALPHV on cybercrime forums, but is commonly called BlackCat by security researchers because an icon of a black cat appears on its leak site. ALPHV has been observed in ransomware attacks since November 18, 2021. ALPHV can be configured to encrypt files using either the AES or ChaCha20 algorithm. To maximize the amount of ransomed data, ALPHV can delete volume shadow copies, stop processes and services, and stop virtual machines on ESXi servers. ALPHV can self-propagate by using PsExec to execute itself remotely on other hosts on the local network.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
rule ransomware_win_blackcat {
    meta:
        id = "873355f7-3942-4171-9df7-f524bb6b6903"
        description = "Detect the BlackCat ransomware (Windows version)"
        author = "Sekoia.io"
        creation_date = "2022-01-19"
        classification = "TLP:CLEAR"
        version = "1.1"
    strings:
        $s1 = "desktop_image::set_desktop_wallpaper=" ascii
        $s2 = "C:\\Users\\Public\\All Usersdeploy_note_and_image_for_all_users=" ascii
        $s3 = "propagate::none" ascii
        $s4 = "propagate::failed=" ascii
        $s5 = "propagate::ok=" ascii
        $s6 = "query_status_process::ok=" ascii
        $s7 = "enum_dependent_services::ok=" ascii
        $s8 = "enum_dependent_services::error=" ascii
        $s9 = "try_stop=" ascii
        $s10 = "try_stop::ok=" ascii
        $s11 = "try_stop::failed=" ascii
        $s12 = "stop=" ascii
        $s13 = "dependent_service_name=" ascii
        $s14 = "kill_all=" ascii
        $s15 = "detach=" ascii
    condition:
        uint16(0) == 0x5A4D
        and filesize > 2MB and filesize < 4MB
        and all of them
}
```

Ransom note text:

Data on Your network was exfiltrated and encrypted. Modifying encrypted files will result in permanent data loss! Get in touch with us ASAP to get an offer: 1. Download and install Tor Browser from [redacted] 2. Access User Panel at [redacted] THIS IS YOUR PRIVATE USER PANEL ADDRESS, DO NOT SHARE IT WITH ANYONE! See also: Visit our Blog: [redacted] Social Media: [redacted]
Infraestructura Portuaria Mexicana S.A. de C.V. (IPM), a subsidiary of PINFRA, was created in response to the 1994 Mexican Federal Government initiative for port privatization. The concession was granted to IPM in June 1996 for the operation and management of Terminal #2 at the Port of Altamira, with an extension until the year 2036.
LAST CHANCE TO START NEGOTIATIONS ÚLTIMA OPORTUNIDADE PARA NEGOCIAR
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| ipmaltamira | MX | Business Services | — | 3 Mar 2024 |
| Prefeitura Municipal de Itabira | BR | Public Sector | — | 24 Dec 2023 |
| LCA Consultores | BR | Business Services | — | 24 Nov 2023 |
| Comfloresta | BR | Agriculture and Food Production | — | 6 Nov 2023 |
| BrData Tecnologia | BR | Technology | — | 9 Oct 2023 |
| Credifiel was hacked and a lot of personal customer and financial information was stolen | MX | Financial Services | — | 12 Sep 2023 |
| Pharmatech República Dominicana was hacked. All sensitive company and customer information | DO | Healthcare | — | 4 Aug 2023 |
| Grupo Garza Ponce was hacked! Due to a massive company vulnerability, more than 2 TB of se | MX | Construction | — | 4 Aug 2023 |
| Municipio de Quito | EC | Public Sector | — | 26 Jul 2023 |
| Imagen Television | MX | Consumer Services | — | 26 Jul 2023 |
| Unisuper SA | GT | Consumer Services | — | 26 Jul 2023 |
| herccombr | BR | Business Services | — | 26 Jul 2023 |
| RecordTV | BR | Telecommunication | — | 26 Jul 2023 |
| unipilotoeduco | CO | Education | — | 26 Jul 2023 |
| Comando Conjunto de las Fuerzas Armadas Del Ecuador | EC | Public Sector | — | 26 Jul 2023 |
| ELOTECH - HACKED AND MORE THEN 100 GB DATA LEAKED! | BR | Public Sector | — | 26 Jul 2023 |
| Empresas Públicas de Medellín | CO | Energy | — | 26 Jul 2023 |
| Grupo Estrategas EMM | MX | Financial Services | — | 26 Jul 2023 |
| IFPA | BR | Education | — | 26 Jul 2023 |
| Empresa Distribuidora de Electricidad del Este, Revenue $6336M | DO | Energy | — | 26 Jul 2023 |
| FABREGA MOLINO (fmmcompa) | PA | Financial Services | — | 26 Jul 2023 |
| Mutual de Seguros de Chile | CL | Financial Services | — | 26 Jul 2023 |
| Yucatan | MX | Public Sector | — | 26 Jul 2023 |
| Lisa Logística was hacked A great amount of critical information has been stolen | BR | Transportation/Logistics | — | 26 Jul 2023 |
| CA de Seguros La Occidental was hacked A huge amount of confidential data was stolen | VE | Financial Services | — | 26 Jul 2023 |
| Saville Row - Grupo GTD was hacked A huge amount of personal information was stolen | CL | Consumer Services | — | 26 Jul 2023 |
| Fundação Carlos Chagas | BR | Education | — | 26 Jul 2023 |
| ambitco - finvestambitco Private Banking | CO | Financial Services | — | 26 Jul 2023 |
| Grupo Cativa was hacked Huge amounts of critical information have been stolen | BR | Manufacturing | — | 26 Jul 2023 |
| AKRON Máquinas Agrícolas | AR | Agriculture and Food Production | — | 26 Jul 2023 |
| Coca-Cola FEMSA | MX | Agriculture and Food Production | — | 26 Jul 2023 |
| Algeibacom has a critical level of security on its network Customer and partner data is st | AR | Technology | — | 26 Jul 2023 |
The leak-site (.onion) addresses are known but are neither published nor linked here. Only public metadata is shown.
LCA operates in the areas of Macroeconomics, Market Intelligence, Economics of Law, and Investments and Corporate Finance, and from there offers more than 15 lines of services, providing customized solutions according to the needs of each client.
Excellence in Forest Management. Founded in 1970, Comforesta Cia. Catarinense de Empreendimentos Florestais is headquartered in Joinville, Santa Catarina. The company manages renewable forests in 14 municipalities of Santa Catarina and 2 in Paraná, meeting with excellence the most rigorous standards of conservation and current legislation.
BRdata Tecnologia specializes in developing integrated business management systems, giving your company fast and accurate information for decision-making.
Headquarters: 484 Morelos, Culiacán, Sinaloa, Mexico. Phone number: +52 6672360952. Website: www.credifiel.com.mx. LinkedIn: [link omitted]. Facebook: [link omitted]. Twitter: [link omitted].