Group Profile: BlackBasta
Ransomware group profile according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.
BlackBasta's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities observed during intrusions that led to BlackBasta ransomware deployment, or to data exfiltration and leaks published on BlackBasta's Tor site.
ConnectWise
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ScreenConnect | CVE-2024-1709 & CVE-2024-1709 | BlackBasta | cisa.gov |
VMware
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ESXi | CVE-2024-37085 ("ESX Admins") | BlackBasta | microsoft.com |
Windows
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Windows Error Reporting Service | CVE-2024-26169 | BlackBasta | www.security.com |
| MSDT | CVE-2022-30190 ("Follina") | BlackBasta | sentinelone.com / trendmicro.com |
| Active Directory | CVE-2021-42278 & CVE-2021-42287 ("NoPac") | BlackBasta | cisa.gov |
| Print Spooler | CVE-2021-1675 & CVE-2021-34527 ("PrintNightmare") | BlackBasta | cisa.gov |
| NetLogon | CVE-2020-1472 ("ZeroLogon") | BlackBasta | cisa.gov |
---
#### Sources
| Date Published | Report |
|---|---|
| 29 July 2024 | https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ |
| 10 May 2024 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a |