Blackmatter
Parent: darkside
Ransomware-as-a-Service
Victims
32
First Discovered
2021-09-08
victim
Last Discovered
2021-11-04
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
50.0%
victims with domain
Countries
1
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
BlackMatter | No | 2026-04-28T07:21:19 |
blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion
|
Target
Top 5 Activity Sectors
- Agriculture and Food Production 6
- Business Services 4
- Technology 4
- Consumer Services 4
- Construction 4
Top 5 Countries
-
United States
2
Heatmap
Ransom Notes (1)
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
PrivatLab
|
TTPs Matrix (9)
| Initial Access | Execution | Defense Evasion | Credential Access | Discovery | Lateral Movement | Exfiltration | Command and Control | Impact |
|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Obfuscated Files or Information | OS Credential Dumping | System Information Discovery | Remote Services: Remote Desktop Protocol | Exfiltration Over Web Service: Exfiltration to Cloud Storage | Application Layer Protocol: Web Protocols | Data Encrypted for Impact |
| Scheduled Task/Job: Scheduled Task | Disable or Modify Tools | Network Share Discovery | Remote Services: SMB/Windows Admin Shares | Inhibit System Recovery |
Negotiation Chats (2)
YARA Rules (2)
Victims (32)
