BushidoUK RVM Profile: BlackCat

Date: 18 Jun 2026
Actor: blackcat
Type: Threat-actor
Country: United Kingdom
Sector: Media
Confidence: high (85)
Analytical priority: High

Based on actor, country, IOCs, TTPs, leak, and context quality.

7 IOCs
0 TTPs
Executive Summary
Ransomware group profile according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.

Key Points

  • Source: BushidoUK RVM GroupProfiles
  • BushidoUK RVM Repository

Group Profile: BlackCat


BlackCat's Exploited Vulnerabilities

> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to BlackCat ransomware deployment or data exfiltration and leaks published to BlackCat's Tor site.

Citrix

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetScaler ADC & Gateway | CVE-2023-4966 ("Citrixbleed") | BlackCat | therecord.media |

ConnectWise

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ScreenConnect | CVE-2024-1708 & CVE-2024-1709 | BlackCat | bleepingcomputer.com |

Linux System Utilities

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Polkit pkexec | CVE-2021-4034 ("Pwnkit") | BlackCat | crowdstrike.com |

Windows & MS Server Products

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Exchange On-Prem | CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ("ProxyShell") | BlackCat | trendmicro.com |
| Secondary Logon Service | CVE-2016-0099 | BlackCat | kaspersky.com |

Pulse Secure / Ivanti

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Ivanti EPM Cloud Services Appliance (CSA) | CVE-2021-44529 | BlackCat | crowdstrike.com |

SonicWall

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SMA 100 | CVE-2019-7481 | BlackCat | blackberry.com |

VMware

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| vSphere Client | CVE-2021-21972 | BlackCat | crowdstrike.com |

---

#### Sources

| Date Published | Report |
|---|---|
| 29 February 2024 | https://www.crowdstrike.com/en-us/blog/anatomy-of-alpha-spider-ransomware/ |
| 27 February 2024 | https://www.bleepingcomputer.com/news/security/fbi-cisa-warn-us-hospitals-of-targeted-blackcat-ransomware-attacks/ |
| 27 November 2023 | https://therecord.media/fidelity-national-financial-ransomware-alphv-black-cat |
| 31 March 2023 | https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/blackcat |
| 23 June 2022 | https://go.kaspersky.com/rs/802-IJN-240/images/Common-TTPs-of-the-modern-ransomware_low-res.pdf |
| 18 April 2022 | https://www.trendmicro.com/en_gb/research/22/d/an-investigation-of-the-blackcat-ransomware.html |

References

Diamond Model

Adversary
blackcat
Victim
BushidoUK RVM Profile: BlackCat
United Kingdom
Capability
Threat-actor
Infrastructure
www.crowdstrike.com
www.bleepingcomputer.com
therecord.media
www.blackberry.com

Indicators of Compromise (IOCs)

| Type | Value | Context | OSINT |
|---|---|---|---|
| File | Common-TTPs-of-the-modern-ransomware_low-res.pdf | Observed artifact | VT OffSec SOCRadar |
| Domain | www.crowdstrike.com | Extracted from content | VT OffSec SOCRadar |
| Domain | www.bleepingcomputer.com | Extracted from content | VT OffSec SOCRadar |
| Domain | therecord.media | Extracted from content | VT OffSec SOCRadar |
| Domain | www.blackberry.com | Extracted from content | VT OffSec SOCRadar |
| Domain | go.kaspersky.com | Extracted from content | VT OffSec SOCRadar |
| Domain | www.trendmicro.com | Extracted from content | VT OffSec SOCRadar |
