Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Attackers deploying the Noberus (aka BlackCat, ALPHV) ransomware have been using new tactics, tools, and procedures (TTPs) in recent months, making the threat more dangerous than ever. Among the more notable developments are the use of a new version of the Exmatter data exfiltration tool and the use of Eamfo, information-stealing malware designed to steal credentials stored by Veeam backup software.


INDUSTRIES: Banking, Hospitality, Retail

MALWARE FAMILIES: Noberus, BlackMatter, Eamfo

ATT&CK IDS: T1014 - Rootkit, T1566 - Phishing, T1081 - Credentials in Files, T1011 - Exfiltration Over Other Network Medium, T1022 - Data Encrypted

