| Category | Details | References |
| --- | --- | --- |
| **Actors** | | |
| First Observed | April 2022 | 1 |
| Threat Actors | TBD | |
| **Environment** | | |
| Platforms | Windows and Linux | 2 |
| **Artifacts** | | |
| Extensions | .basta | 2 |
| Ransomware Notes | readme.txt | 2 |
| Services It Disables | TBD | |
| Other Observables | TBD | |
| **Automation** | | |
| Automatically Gains Access | No. Uses phishing/Quakbot | 2 |
| Automatically Escalates Privileges | No. Black Basta exploits the PrintNightmare vulnerability (CVE-2021-34527) | 1 |
| Requires Human Interaction | No | |
| Automatic Exfiltration | No. Uses Cobeacon to exfiltrate the stolen data on an established command-and-control (C&C) server. It uses Rclone to exfiltrate data from compromised systems. | 1 |
| Automatic Propagation | No | 1 |

Please note, this page was last updated at 2023-03-14 20:21.