Update ransomware.json: add BlackCat (ALPHV)

clusters/ransomware.json

@@ -5291,7 +5291,7 @@
         ],
         "refs": [
           "http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
-          "http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/",
+          "http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-nues-the-trend-of-accepting-amazon-cards/",
           "https://twitter.com/malwarebread/status/804714048499621888"
         ],
         "synonyms": [
@@ -24225,6 +24225,204 @@
       "uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
       "value": "WhisperGate"
     }
+    {
+      "description": "BlackCat (ALPHV) is ransomware written in Rust. The ransomware makes heavy use of plaintext JSON configuration files to specify the ransomware functionality. BlackCat has many advanced capabilities like escalating privileges and bypassing UAC make use of AES and ChaCha20 or Salsa encryption, may use the Restart Manager, can delete volume shadow copies, can enumerate disk volumes and network shares automatically, and may kill specific processes and services. The ransomware exists for both Windows, Linux, and ESXi systems. Multiple extortion techniques are used by the BlackCat gang, such as exfiltrating victim data before the ransomware deployment, threats to release data if the ransomw is not paid, and distributed denial-of-service (DDoS) attacks.",
+      "meta": {
+        "date": "June 2021",
+        "encryption": [
+          "AES",
+          "ChaCha20",
+          "Salsa"
+        ],
+        "ransomnotes-refs": [
+          "https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png"
+        ],
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.blackcat",
+          "https://1-id--ransomware-blogspot-com.translate.goog/2021/12/blackcat-ransomware.html?_x_tr_enc=1&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=ru",
+          "https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809",
+          "https://github.com/f0wl/blackCatConf",
+          "https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/",
+          "https://www.varonis.com/blog/alphv-blackcat-ransomware",
+          "https://www.intrinsec.com/alphv-ransomware-gang-analysis",
+          "https://unit42.paloaltonetworks.com/blackcat-ransomware/"
+        ],
+        "synonyms": [
+          "ALPHV"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "uses"
+        }
+      "uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
+      "value": "BlackCat"
+    }
   ],
-  "version": 99
+  "version": 100
 }