BlackCat | 脅威レベル: critical | 種別: Ransomware

暗号学的識別子

SHA256e9cef52bf082c87766bbac0b3324c3d76e66e9d5b943e751a04583dc041a0273
MD5da0bc578134b0871ce7700c9072d2797
ファイル種別exe
サイズ45.5 KB
初回確認2023-03-14
ファイル名logoff.exe
タグblackcat, exe, Ransomware

マルウェア ファミリー: BlackCat

BlackCat, Rust ile yazılan ransomware'dir.

種別Ransomware
プログラミング言語Rust
対象プラットフォームWindows/Linux
C2 プロトコル
目的Çapraz platform ransomware
初回確認年2021
別名ALPHV

脅威指標 (IOC)

  • SHA256: e9cef52bf082c87766bbac0b3324c3d76e66e9d5b943e751a04583dc041a0273
  • MD5: da0bc578134b0871ce7700c9072d2797

システム クリーンアップ ガイド

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. 身代金は支払わない(ファイル復旧の保証はありません)
  3. 影響を受けたドライブを隔離する
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. 利用可能な復号ツールを試す(NoMoreRansom プロジェクト)
  6. Yetkililere ihbarda bulunun
  7. Temiz bir yedekten kurtarın

YARA ルールのヒント

rule BlackCat_SHA256 {
    meta:
        description = "BlackCat sample: e9cef52bf082c877"
        threat_level = "critical"
        first_seen = "2023-03-14"
    condition:
        hash.sha256(0, filesize) == "e9cef52bf082c87766bbac0b3324c3d76e66e9d5b943e751a04583dc041a0273"
}

BlackCat — マルウェアプロファイル

BlackCat, Rust ile yazılan ransomware'dir.

マルウェアの種類
Ransomware
プログラミング言語
Rust
C2プロトコル
標的システム
Windows/Linux
別名 (AKA)
ALPHV

技術詳細

BlackCat (ALPHV) is the first major ransomware written in Rust, enabling cross-platform attacks on Windows, Linux, and VMware ESXi. Emerged November 2021 as a RaaS operation. Triple extortion: file encryption + data exfiltration + DDoS threats. Uses AES-128 (CTR mode) or ChaCha20 for file encryption with RSA-2048 for key protection. Highly configurable JSON config: target extensions, excluded paths, credential stuffing. Uses intermittent encryption (partial file encryption) for speed. ALPHV 3.0 (Sphynx) introduced EXMATTER data exfiltration tool. FBI disrupted December 2023 with decryption keys released for 500 victims. Believed operated by former DarkSide/BlackMatter members.

アトリビューション / 脅威アクター

ALPHV (linked to DarkSide/BlackMatter)

機能と挙動

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOCリスト (2 件の指標)

IOC — BlackCat
# SHA256 e9cef52bf082c87766bbac0b3324c3d76e66e9d5b943e751a04583dc041a0273 # MD5 da0bc578134b0871ce7700c9072d2797
タイプメモ
sha256 e9cef52bf082c87766bbac0b3324c3d76e66e9d5b943e751a04583dc041a0273 BlackCat
md5 da0bc578134b0871ce7700c9072d2797 BlackCat
タグ
blackcatransomwaremalwarecriticalsha256analizzenginleştirilmiş