Ransomware.live - Group : Blackmatter

Ransomware Group:

Blackmatter

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Ransomware-as-a-Service

Sites

Favicon	Title	Available	Last Visit	FQDN	Screenshot
	BlackMatter	🔴	2021-11-04 21:45:29.471099	blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion	N/A

External information

CISA Alert aa21-291a

Tools used

Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
							PrivatLab

This information is provided by Ransomware-Tool-Matrix

Yara Rules

Click here to open yara rules

Negotiation chats

Name	# Msg	Initial Ransom	Negotiated Ransom	Paid
20210907	77	N/A	N/A
20210829	44	N/A	N/A

This information is provided by Valéry Marchive & Julien Mousqueton

Ransom Note(s)

Click here to see Ransom Note(s)

Activity over time

Worldmap

32 Victims

National Beverage

Ransomware Group:

Discovery Date: 2021-11-04 16:05

Sector:

Victim: | Group:

Keycentrix

Ransomware Group:

Discovery Date: 2021-11-04 16:05

Sector:

Group:

Jobbers Meat Packing Co., Inc.

Ransomware Group:

Discovery Date: 2021-11-04 16:05

Sector:

Group:

Home State Bank

Ransomware Group:

Discovery Date: 2021-11-04 16:05

Sector:

Group:

Armour Transportation Systems

Ransomware Group:

Discovery Date: 2021-11-04 16:05

Sector:

Group:

ZKTeco USA

Ransomware Group:

Discovery Date: 2021-10-04 07:15

Sector:

Group:

crystalvalley

Ransomware Group:

Discovery Date: 2021-09-29 01:35

Sector:

Group:

Bumper to Bumper Autoparts

Ransomware Group:

Discovery Date: 2021-09-21 09:14

Sector:

Group:

LA-Martiniquaise

Ransomware Group:

Discovery Date: 2021-09-20 20:11

Sector:

Group:

JMclaughlin

Ransomware Group:

Discovery Date: 2021-09-20 15:11

Sector:

Group:

CasagrandeGroup

Ransomware Group:

Discovery Date: 2021-09-20 15:11

Sector:

Group:

BCP Securities

Ransomware Group:

Discovery Date: 2021-09-20 15:11

Sector:

Group:

Pramer Baustoffe GmbH

Ransomware Group:

Discovery Date: 2021-09-20 13:14

Sector:

Group:

Ellerboeck

Ransomware Group:

Discovery Date: 2021-09-20 13:14

Sector:

Group:

Citrocasa GmbH

Ransomware Group:

Discovery Date: 2021-09-20 13:14

Sector:

Group:

Actief-Jobmade

Ransomware Group:

Discovery Date: 2021-09-20 13:14

Sector:

Group:

Eisvogel Hubert Bernegger GmbH

Ransomware Group:

Discovery Date: 2021-09-20 11:10

Sector:

Group:

Pulmuone Co., Ltd.

Ransomware Group:

Discovery Date: 2021-09-18 00:16

Sector:

Group:

Modern Testing Services

Ransomware Group:

Discovery Date: 2021-09-17 18:11

Sector:

Group:

northwoods & spectrumfurniture

Ransomware Group:

Discovery Date: 2021-09-17 09:13

Sector:

Group:

EQUITY TRANSPORTATION

Ransomware Group:

Discovery Date: 2021-09-15 16:12

Sector:

Group:

River City Construction

Ransomware Group:

Discovery Date: 2021-09-11 12:11

Sector:

Group:

hhcp.com

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Network Telecom / Enreach

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Pine Labs Pvt

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Kaydon Corporation (SKF Group Brand)

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

tastefulselections & WFG

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Middleton Reutlinger

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

g-able.com

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Diamond Schmitt

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Trust Capital Funding

Ransomware Group:

Discovery Date: 2021-09-09 23:46

Sector:

Group:

Olympus

Ransomware Group:

Discovery Date: 2021-09-08 00:00

Sector: Information Technology

Group:

×

Infostealer information available for

Employees(s)	Customer(s)	Third Party Employee(s)

This information is provided by HudsonRock

×

import "pe"
import "hash"
        
rule ransomware_win_blackmatter {
    meta:
        id = "9b2d8ac3-b4d1-40f5-ac57-411547dcb2cf"
        version = "1.0"
        description = "Detect Black matter ransomware (2021-07-23)"
        author = "Sekoia.io"
        creation_date = "2021-08-03"
        classification = "TLP:CLEAR"
        
    condition:
        for any i in (0..pe.number_of_sections-1) : (
            hash.md5(pe.sections[i].raw_data_offset, pe.sections[i].raw_data_size) == "5e89d335de2021a2c268acf00ec513e5"
        )
}