Black Basta (Post-Leak) Active

Continued operations despite internal chat leaks in early 2025.
PDF Report Back to Groups
1
Total Victims
2025-01-01
First Seen
2026-03-06
Last Seen
21
Known TTPs
1.7d
Avg Delay
0
Negotiations
ONION URLS
rqpc252xbsoaccq23d23w7bbx3zwx2a4cbmdwr7ta5hmcdvhjut2kx6a.onion
https://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion
aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion
bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion
TOOLS
Atera GMER ConnectWise BloodHound
FILE EXTENSIONS
.pwned
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-06 Continental Associates Australia Mining Published
Technique ID Technique Name Tactic
T1074.001 Local Data Staging Collection
T1560.001 Archive via Utility Collection
T1219 Remote Access Software Command and Control
T1572 Protocol Tunneling Command and Control
T1003.001 LSASS Memory Credential Access
T1070.004 File Deletion Defense Evasion
T1562.009 Safe Mode Boot Defense Evasion
T1016 System Network Configuration Discovery Discovery
T1082 System Information Discovery Discovery
T1087 Account Discovery Discovery
T1059.006 Python Execution
T1485 Data Destruction Impact
T1489 Service Stop Impact
T1490 Inhibit System Recovery Impact
T1133 External Remote Services Initial Access
T1190 Exploit Public-Facing Application Initial Access
T1021.001 Remote Desktop Protocol Lateral Movement
T1021.004 SSH Lateral Movement
T1543.003 Windows Service Persistence
T1547.001 Registry Run Keys Persistence
T1548.002 Bypass UAC Privilege Escalation

No YARA rules

No IoCs

No ransom notes