This group has no curated TTPs. An AI-ESTIMATED MITRE mapping (unconfirmed) can be generated from its description/notes, only on request.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
BlackByte ransomware
*/
rule BlackByte
{
    meta:
        author = "rivitna"
        family = "ransomware.hive"
        description = "BlackByte ransomware Windows payload"
        severity = 10
        score = 100
    strings:
        // String decryption
        $h0 = { 83 E? 05 48 83 C? 01 88 4? FF 4? 39 ?? (74 | 75) ?? }
        $s0 = "\x00main.RSA\x00" ascii
        $s1 = "\x00main._Cfunc_Begin\x00" ascii
        $s2 = "\x00main._Cfunc_Inj\x00" ascii
        $s3 = "\x00main.Inja" ascii
        $s4 = "\x00main.SetWinVer\x00" ascii
        $s5 = "\x00main.DelShadows" ascii
        $s6 = "\x00main.StartNetworkS" ascii
        $s7 = "\x00main.EnableLink" ascii
        $s8 = "\x00main.EnableLongPaths" ascii
        $s9 = "\x00main.GrantAll" ascii
        $s10 = "\x00main.LanScan" ascii
        $s11 = "\x00main.SetupKey\x00" ascii
        $s12 = "\x00main.PbKey\x00" ascii
        $s13 = "\x00main.Pognali" ascii
        $s14 = "\x00main.ShowNote" ascii
        $s15 = "\x00main.MountDrives" ascii
        $s16 = "\x00main.StopAllsvc" ascii
        $s17 = "\x00main.GenDrives" ascii
        $s18 = "\x00main.ParsePC" ascii
        $s19 = "\x00main.GetAccess" ascii
        $s20 = "\x00main.KillHypers" ascii
        $s21 = "\x00main.ParseHypers" ascii
        $s22 = "\x00main.Aes256Encr\x00" ascii
        $s23 = "\x00main.Aes256Decr\x00" ascii
    condition:
        ((uint16(0) == 0x5A4D) and (uint32(uint32(0x3C)) == 0x00004550)) and
        (
            (1 of ($h*)) or (4 of ($s*))
        )
}
```
Ransom note (addresses redacted):

```text
[ASCII-art banner]
+-----------------------------------------------------------------------------+
| All your files have been encrypted, your confidential data has been stolen, |
| in order to decrypt files and avoid leakage, you must follow our steps.     |
+-----------------------------------------------------------------------------+
+------------------------------------------------------------------------------------------------------------------------------------+
| 1) Download and install TOR Browser from this site: [redacted]                                                                     |
|                                                                                                                                    |
| 2) Paste the URL in TOR Browser and you will be redirected to our chat with all information that you need.                         |
|                                                                                                                                    |
| 3) If you read this message thats means your files already for sell in our Auction.                                               |
|    Everyday of delaying will cause higer price. after 4 days if you wont connect us,                                               |
|    We will remove your chat access and you will lose your chance to get decrypted.                                                |
|                                                                                                                                    |
+------------------------------------------------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------------+
| Warning! Communication with us occurs only through this link, or through our mail on our Auction. |
| We also strongly DO NOT recommend using third-party tools to decrypt files,                       |
| as this will simply kill them completely without the possibility of recovery.                     |
| I repeat, in this case, no one can help you!                                                      |
+---------------------------------------------------------------------------------------------------+
Your URL: [redacted]
Your Key to access the chat: [snip]
Find our Auction here (TOR Browser): [redacted]
```
CPAT FLEX provides innovative ingress and leakage detection solutions specifically designed for Hybrid Fiber-Coaxial (HFC) networks. Their product lineup includes a range of advanced tools that enhance network performance, ensure reliability, and simplify maintenance for network operators. Targeting cable network providers, they offer solutions for both ingress noise management and cable leakage detection, ensuring compliance with industry regulations. CPAT FLEX emphasizes creativity and collaboration to help clients improve service quality and reduce operational disruptions.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Cpat Flex | BR | Telecommunication | — | 30 Jul 2025 |
| TOTVS | BR | Technology | — | 30 Sep 2024 |
| Cementos Bio-Bio | CL | Manufacturing | — | 9 Apr 2023 |
| CPTM | BR | Transportation/Logistics | — | 29 Dec 2022 |
| lapiamontesa | AR | Manufacturing | — | 22 Nov 2022 |
| Broto Legal | BR | Agriculture and Food Production | — | 5 Nov 2022 |
| Municipio de Chihuahua | MX | Public Sector | — | 26 Oct 2022 |
| UNE | PE | Education | — | 21 Oct 2022 |
The leak-site (.onion) addresses are known but are neither published nor linked. Only public metadata is shown.
TOTVS is a prominent Brazilian software company specializing in enterprise resource planning (ERP) solutions. Founded in 1983, it caters primarily to small and medium-sized businesses across various industries, including manufacturing, retail, and healthcare. TOTVS offers a comprehensive suite of software products that help organizations manage their operations efficiently, from accounting to supply chain management. Known for its innovation and leadership in the Latin American market, TOTVS is committed to driving digital transformation and improving business productivity.
Cementos Bio Bio S.A. manufactures and sells cement in Chile and internationally. It provides clinker, pozzolana, gypsum, pozzolanic portland, and other cement; and concrete products for housing, buildings, pavement, infrastructure, and mining projects.
The São Paulo Metropolitan Train Company is a commuter rail system owned by the Secretariat of Urban Transportation of the State of São Paulo. It was created in 1992 with the merger of several railways in Greater São Paulo, Brazil.
On a property of more than 39,000 square meters, with more than 21,000 square meters of covered facilities and a staff of more than 600 employees plus another 250 indirect collaborators throughout the country, La Piamontesa SA is one of the leading companies in the cold-meats sector in Argentina. In its modern facilities in the town of Brinkmann, San Justo Department, Córdoba province, more than 18,000 tons of pork are processed annually, reaching an annual production of more than 24,000 tons of finished product. The main activity of La Piamontesa SA is the production of cold cuts, sausages and the like, covering the full production cycle, which includes:
Broto Legal was founded in the 1970s and engages in the commercialization of rice, beans, potatoes, onions and corn for the region of Campinas, Brazil.