Storm-1811 (Deprecated)

Also known as: Storm-1811 (Deprecated)

We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: “Storm-1811” (Group). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object.

According to Microsoft security researchers, Storm-1811 is a “financially motivated cybercriminal group known to deploy Black Basta ransomware”.[Microsoft Security Blog 5 15 2024]

Introduction

We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: “Storm-1811” (Group). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object. According to Microsoft security researchers, Storm-1811 is a “financially motivated cybercriminal group known to deploy Black Basta ransomware”.[Microsoft Security Blog 5 15 2024]

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • BlackEnergy:
  • SHIPSHAPE:
  • BLACKCOFFEE:
  • Blackshades:
  • BlackNix:
  • CyberGate:
  • Cyber Eye RAT:
  • Archelaus Beta:
  • BlackHole:

Attribution and Evidence

Information pending cataloguing.

References

[1] [Microsoft Security Blog 5 15 2024