From f066061f4b208d9d5cbea159b68a9b934f6d9d66 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 29 Nov 2023 11:28:37 -0800
Subject: [PATCH] [threat-actors] Add Blacktail
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0ca3a2f..7a52ac8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13513,6 +13513,19 @@
 },
 "uuid": "55bcc595-2442-4f98-9477-7fe9b507607c",
 "value": "SilverFish"
+ },
+ {
+ "description": "Blacktail is a cybercrime group that has gained attention for its ransomware campaigns, particularly the Buhti ransomware. They are known for using custom-built data exfiltration tools and have been observed exploiting vulnerabilities in both Windows and Linux systems.",
+ "meta": {
+ "refs": [
+ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware",
+ "https://fortiguard.fortinet.com/threat-signal-report/5170",
+ "https://www.redpacketsecurity.com/new-buhti-ransomware-gang-uses-leaked-windows-linux-encryptors/",
+ "https://www.redpacketsecurity.com/buhti-ransomware-gang-switches-tactics-utilizes-leaked-lockbit-and-babuk-code/"
+ ]
+ },
+ "uuid": "e06e1bcd-7da2-4732-934a-9fa1efa427ad",
+ "value": "Blacktail"
 }
 ],
 "version": 295
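Review bot: The top-level `"version": 295` is unchanged context at the end of the hunk even though a new cluster entry is added above it. If consumers of clusters/threat-actor.json decide whether to re-import the file by comparing that number (worth confirming against the project's contribution rules), the Blacktail entry will not reach instances that already hold version 295; the last line would then become `"version": 296`. Separately, the link to Buhti exists only in the free-text description, so if the ransomware has its own cluster, a `related` entry pointing at that cluster's UUID would let analysts pivot from the actor to the tooling.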