jordiserrano.meClickFixKAIROSIntelTracker🌐 Traducir
Panel de inteligencia » The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

Reference 2 min lectura unknown---unmapped-actors
Fecha
20 Jun 2026
Actor
unknown---unmapped-actors
Tipo
Reference
Pais
United States
Sector
-
Confianza
medium
75
Prioridad analitica
Media

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

5IOCs
0TTPs
unknown---unmapped-actorsActor
United StatesPais

The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

Que es

El ransomware Black Kingdom es un tipo de ciberataque que se caracteriza por su uso de Python como lenguaje de programación y PyInstaller para generar ejecutables. Este malware pertenece a una familia de amenazas no identificada, con alias desconocidos. Se ha observado que el ransomware admite dos modos de encriptación: uno generado dinámicamente y otro utilizando una clave predefinida. Analistas han confirmado que, en algunos casos, es posible recuperar archivos cifrados mediante la clave fija integrada, lo que sugiere un diseño con limitaciones técnicas.

Contexto

El grupo responsable de Black Kingdom se identifica como Unknown / Unmapped Actors, lo que indica una falta de atribución clara. Los registros de inteligencia de seguridad (OSINT) muestran que el ransomware ha sido documentado en plataformas como securelist.com y www.bleepingcomputer.com, donde se destacan sus habilidades para comprometer redes mediante vulnerabilidades en servicios como Pulse VPN.

Analisis

El análisis de código reveló que el desarrollo del ransomware presentó aspectos no profesionales, lo que podría indicar una falta de experiencia en técnicas avanzadas. Sin embargo, la existencia de una clave predefinida permite a los usuarios recuperar archivos cifrados si se conoce esa clave. Según informes verificados, existe un script disponible en el sector para desencriptar datos utilizando esta clave, lo que sugiere que las organizaciones podrían mitigar algunos impactos del ataque.
Tipo Valor Contexto
URL https://securelist.com/black-kingdom-ransomware/102873/ Artículo de seguridad en SecureList
URL https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ Reporte sobre vulnerabilidades en Pulse VPN
Domain securelist.com Fuente de análisis técnico
Domain www.bleepingcomputer.com Fuente de noticias sobre vulnerabilidades

Conclusion

El ransomware Black Kingdom representa una amenaza con un nivel de complejidad moderado en comparación con otras familias como RaaS o Big Game Hunting. Aunque su código muestra señales de desarrollo no profesional, la posibilidad de recuperar archivos mediante una clave predefinida sugiere que ciertos impactos pueden ser mitigados. Los indicadores de compromiso (IOCs) identificados en este análisis, incluidas las URLs y dominios mencionados, son esenciales para monitorear actividades relacionadas con esta familia. La vigilancia constante de estos recursos es crítica para prevenir futuros ataques.

Diamond Model

Adversary
unknown---unmapped-actors
Ver perfil →
Victim
The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,
securelist.com
United States
Capability
Reference
Infrastructure
securelist.com
www.bleepingcomputer.com

Relations

Mapa de nodos relacionados por IOCs compartidos, actor, enlaces IntelTracker/OSINT, campanas y victimas observadas. Haz click en un nodo para abrir el post, filtro o fuente.

10 enlaces
Tipo (1)
Valor 281 posts
Domain (2)
securelist.com 28 posts www.bleepingcomputer.com 4 posts
IntelTracker / OSINT link
securelist.com
unknown---unmapped-actors
enlace asociado al actor
IntelTracker / OSINT link
www.cybereason.com
unknown---unmapped-actors
enlace asociado al actor
Nodo actual
The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,
unknown---unmapped-actors · United States
Victima
Lotus Blossom
Valor securelist.com
IOC compartido
Victima
APT21
Valor securelist.com
IOC compartido
Victima
SVCMONDR
Valor securelist.com
IOC compartido
Victima
Vicious Panda
Valor securelist.com
IOC compartido
Victima
SixLittleMonkeys
Valor securelist.com
IOC compartido
Victima
Luminous Moth
Valor securelist.com
IOC compartido
Victima
IronHusky
Valor securelist.com
IOC compartido
Victima
Inception Framework
Valor securelist.com
IOC compartido

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
Tipo Valor Contexto VT OffSec SOCRadar
URL https://securelist.com/black-kingdom-ransomware/102873/ Artículo de seguridad en SecureList VT OffSec SOCRadar
URL https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ Reporte sobre vulnerabilidades en Pulse VPN VT OffSec SOCRadar
Domain securelist.com Fuente de análisis técnico VT OffSec SOCRadar
Domain www.bleepingcomputer.com Fuente de noticias sobre vulnerabilidades VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor unknown---unmapped-actors en el blog → Ver unknown---unmapped-actors en IntelTracker → Fuente OSINT: securelist.com → Buscar unknown---unmapped-actors en APTTrail → Repositorio APTTrail → Mas incidentes en United States → Buscar en Google News → Analizar en VirusTotal → Buscar en Shodan → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes

JCPenney20 Jun 2026 · breach Comment Crew20 Jun 2026 · china APT220 Jun 2026 · china UPS20 Jun 2026 · china IXESHE20 Jun 2026 · china APT1620 Jun 2026 · china Hidden Lynx20 Jun 2026 · china Wekby20 Jun 2026 · china