Black Basta
ransomware
2 mutex signatures
[BASIC_INFORMATION]
FAMILY_NAME:
Black Basta
CATEGORY:
RANSOMWARE
DESCRIPTION:
Black Basta is a ransomware-as-a-service (RaaS) that emerged in early 2022. It is known for its high-profile attacks and is suspected to have links to the Conti ransomware group. The ransomware is written in C++ and uses a combination of ChaCha20 and RSA-4096 for encryption.
ALIASES:
BlackBasta
TAGS:
raas, file_encryption, extortion, conti_link
[MUTEX_SIGNATURES] (2)
[MUTEX_01]
dsajdhas.0
ANALYST: @adhikara13 DATE: 2025-07-12
[MUTEX_02]
ofijweiuhuewhcsaxs.mutex
ANALYST: @adhikara13 DATE: 2025-07-13
[THREAT_INTELLIGENCE]
ATTRIBUTION:
FIN7
FIRST_OBSERVED:
2022
[STATISTICS]
MUTEX_COUNT:2
THREAT_ACTORS:1
ALIASES:1
TAGS:4
CATEGORY:RANSOMWARE