Cybersecurity researchers have revealed a wave of new activity by the notorious BlackCat ransomware group, which is deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines.

To keep abreast of the ever-changing threat landscape and withstand attacks that keep growing in volume and sophistication, organizations worldwide are looking for ways to boost their cyber defense capabilities. With ransomware remaining a rising trend in 2021-2022, cybersecurity practitioners strive to protect against related threats. SOC Prime's Detection as Code platform has recently released a new Sigma rule to detect the Brute Ratel tool deployed in the latest BlackCat ransomware operations. Sign up or log into SOC Prime's platform to access the detection written by our prolific Threat Bounty developer Kyaw Pyiyt Htet (Mik0yan):

Possible Brute Ratel Named Pipe Creation in BlackCat Ransomware Operation (via Pipe_Event)

Seasoned and aspiring cyber defenders with a keen flair for cybersecurity and ambitions for self-advancement are welcome to join our Threat Bounty Program to craft detection algorithms, share them with industry peers, gain recognition, and earn financial rewards for their contributions.

The Sigma rule above can be applied across 18 SIEM, EDR, and XDR solutions supported by SOC Prime's platform. To ensure enhanced visibility into related threats, the detection is aligned with the MITRE ATT&CK® framework, addressing the Process Injection (T1055) technique from the Defense Evasion tactic. Cybersecurity practitioners can also instantly hunt for threats associated with BlackCat ransomware operations using this Sigma rule via SOC Prime's Quick Hunt module.

SOC Prime's platform curates the full list of detection algorithms that help organizations identify BlackCat ransomware activity in their environment in a timely manner. To gain access to the dedicated toolkit, click the Detect & Hunt button. Alternatively, threat hunters, cyber threat intelligence specialists, and other cyber defenders can explore the comprehensive threat context behind BlackCat ransomware operations even without registration: click the Explore Threat Context button to reach contextual information, including MITRE ATT&CK references, CTI links, and Windows executable binaries linked to the Sigma rules that accompany your search for related threats.

BlackCat Analysis: The Latest Updates

After it first emerged in November 2021, BlackCat (aka Alphv) promptly declared itself a new ransomware-as-a-service (RaaS) leader, attracting attention for its unusual choice of Rust as an implementation language, its sophisticated malicious capabilities, and a generous offer that lets affiliates keep 90% of ransom payments. Security researchers believe BlackCat might be the successor to the DarkSide or BlackMatter ransomware groups, which would suggest its operators possess a complex skill set. The latest investigation by Sophos reveals that BlackCat maintainers keep enhancing the malware strain with new tricks.

Threat actors typically rely on unpatched or outdated firewalls or VPN services to gain an initial foothold on exposed networks, or they obtain VPN credentials and log in as authorized users. Once inside, they leverage various open source and commercially available tools to extend BlackCat's remote access capabilities.
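The named-pipe detection described above runs on Pipe_Event telemetry such as Sysmon Event ID 17 (Pipe Created), which Sigma exposes as the pipe_created log source. As an added example that is not SOC Prime's published rule and not part of the original post, the Python below evaluates a Sigma-style rule of that shape over a few constructed Sysmon records. The rule body, the pipe-name patterns, the allowlisted image and the events are all placeholders chosen to exercise the contains/endswith modifiers and the "selection and not filter" condition; they are not Brute Ratel indicators.

```python
"""Minimal evaluator for a Sigma-style pipe_created rule over Sysmon records.

Added example, not SOC Prime's rule: the rule, the pipe-name patterns, the
allowlisted image and the sample events below are constructed placeholders.
"""
from __future__ import annotations

import re
from typing import Any, Optional

# Sigma-style rule as a dict (same keys as the YAML form). The PipeName
# patterns and the filter image are hypothetical, not real indicators.
RULE: dict[str, Any] = {
    "title": "Possible Suspicious Named Pipe Creation (example)",
    "logsource": {"product": "windows", "category": "pipe_created"},
    "detection": {
        "selection": {"PipeName|contains": [r"\demo-c2-", r"\placeholder-pipe"]},
        "filter_legit": {"Image|endswith": [r"\svchost.exe"]},  # hypothetical allowlist
        "condition": "selection and not filter_legit",
    },
    "tags": ["attack.defense_evasion", "attack.t1055"],
}

# Sigma log source -> Sysmon Event ID (17 = Pipe Created, 18 = Pipe Connected).
LOGSOURCE_TO_EVENTID = {("windows", "pipe_created"): 17, ("windows", "pipe_connected"): 18}

# Constructed Sysmon records normalised to the field names the rule uses.
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {"EventID": 17, "Image": r"C:\Windows\System32\svchost.exe", "PipeName": r"\demo-c2-1A2B", "ProcessId": 1204},
    {"EventID": 17, "Image": r"C:\ProgramData\update\svc.exe", "PipeName": r"\demo-c2-9F0E", "ProcessId": 4412},
    {"EventID": 17, "Image": r"C:\Windows\System32\lsass.exe", "PipeName": r"\lsass", "ProcessId": 712},
    {"EventID": 18, "Image": r"C:\ProgramData\update\svc.exe", "PipeName": r"\demo-c2-9F0E", "ProcessId": 4412},
]


def _field_matches(value: Any, modifier: Optional[str], patterns: list[Any]) -> bool:
    """Apply one Sigma string modifier; plain values are case-insensitive exact
    matches (wildcards are not implemented here), 're' is a raw regex."""
    if value is None:
        return False
    text = str(value)
    for raw in patterns:
        pattern = str(raw)
        if modifier == "re":
            if re.search(pattern, text):
                return True
            continue
        low_value, low_pattern = text.lower(), pattern.lower()
        if modifier is None and low_value == low_pattern:
            return True
        if modifier == "contains" and low_pattern in low_value:
            return True
        if modifier == "startswith" and low_value.startswith(low_pattern):
            return True
        if modifier == "endswith" and low_value.endswith(low_pattern):
            return True
    return False


def _block_matches(block: dict[str, Any], event: dict[str, Any]) -> bool:
    """Every key in a selection map must match (Sigma AND semantics within a map)."""
    for spec, patterns in block.items():
        field, _, modifier = spec.partition("|")
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not _field_matches(event.get(field), modifier or None, patterns):
            return False
    return True


def _eval_condition(condition: str, results: dict[str, bool]) -> bool:
    """Recursive-descent evaluator for 'a and not (b or c)' style conditions.
    Aggregations such as '1 of them' are intentionally out of scope."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek() -> Optional[str]:
        return tokens[pos] if pos < len(tokens) else None

    def take() -> str:
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def parse_or() -> bool:
        left = parse_and()
        while peek() == "or":
            take()
            right = parse_and()
            left = left or right
        return left

    def parse_and() -> bool:
        left = parse_not()
        while peek() == "and":
            take()
            right = parse_not()
            left = left and right
        return left

    def parse_not() -> bool:
        if peek() == "not":
            take()
            return not parse_not()
        return parse_primary()

    def parse_primary() -> bool:
        tok = take()
        if tok == "(":
            val = parse_or()
            take()  # closing parenthesis
            return val
        return results[tok]

    return parse_or()


def match_rule(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    """True when the event is in the rule's log source and satisfies its condition."""
    src = rule["logsource"]
    if event.get("EventID") != LOGSOURCE_TO_EVENTID[(src["product"], src["category"])]:
        return False
    det = rule["detection"]
    results = {name: _block_matches(blk, event) for name, blk in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def hunt(rule: dict[str, Any], events: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Return matching events annotated with the rule title and ATT&CK technique tags."""
    techniques = [t for t in rule["tags"] if t.startswith("attack.t")]
    return [dict(e, rule=rule["title"], attack=techniques) for e in events if match_rule(rule, e)]


if __name__ == "__main__":
    for hit in hunt(RULE, SAMPLE_EVENTS):
        print(f"{hit['rule']}: pid={hit['ProcessId']} image={hit['Image']} pipe={hit['PipeName']} {hit['attack']}")
```

Only the second record fires: the first has a matching pipe name but is excluded by the hypothetical svchost.exe filter, the third pipe name never matches, and the fourth is a Pipe Connected event outside the pipe_created log source. Swapping in the real rule's pipe-name values is the only change needed to run the same check over exported Sysmon data.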