SHA256 · High · Verified · Signal 96/100
3c50f6369f0938f42d47db29a1f398e754acb2a8d96fd4b366246ac2ccbe250a
First Seen: May 13, 2024
Last Seen: Jun 3, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 96%
Signal Score: 96 / 100
IDS Rule: No
Feed Intelligence Summary
Source reports: 5
Confidence score: 96%
Category tags
Activity Timeline: Jun 3 to Jun 3
Threat Activity Heatmap (peak: 2026-06-03)
Activity by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: 96 (High Risk)
Verified IOC
VirusTotal: Not checked
Description: Black Basta is a financially motivated ransomware group that began operations in 2022. It targets organizations across various sectors, including manufacturing, healthcare, and finance, using a double extortion method. The group encrypts victims' systems and threatens to leak stolen data unless a ransom is paid. Their ransomware spreads via phishing campaigns, exploiting vulnerabilities in systems. Black Basta is known for collaborating with other cybercriminals, which enhances the impact and sophistication of their attacks.