jordiserrano.meClickFixKAIROSIntelTracker🌐 Traducir
Panel de inteligencia » The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

Reference 2 min lectura unknown---unmapped-actors
Fecha
22 Jun 2026
Actor
unknown---unmapped-actors
Tipo
Reference
Pais
United States
Sector
-
Confianza
medium
75
Prioridad analitica
Media

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

5IOCs
0TTPs
unknown---unmapped-actorsActor
United StatesPais

The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,

Que es

Black Kingdom es una familia de ransomware que destaca por su complejidad técnica y su enfoque innovador frente a otras familias como Ransomware-as-a-Service (RaaS) o Big Game Hunting (BGH). Este malware está codificado en Python y se compila en un archivo ejecutable mediante PyInstaller, lo que permite una distribución flexible. Su mecanismo de cifrado incluye dos modos: uno generado dinámicamente y otro que utiliza una clave predefinida. Esta característica sugiere una estructura de desarrollo menos profesional, con posibilidades de recuperación de archivos en caso de que se utilice la clave fija.

Contexto

El ataque se atribuye a un grupo sin identidad conocida, denominado Unknown / Unmapped Actors, quien actúa como un actor APT regional. Los datos recolectados por OSINT indican que el ransomware ha sido utilizado para comprometer redes de víctimas mediante vulnerabilidades en servicios como PulseVPN. No se han reportado detalles específicos sobre la fecha del ataque, pero los registros disponibles apuntan a una actividad activa en el ámbito digital.

Analisis

Análisis técnico: La codificación en Python y su compilación con PyInstaller sugieren un enfoque de desarrollo no muy sofisticado. Sin embargo, la existencia de dos modos de cifrado (dinámico y predefinido) complica su análisis. El uso de una clave fija para el cifrado permite a las víctimas recuperar archivos si acceden a la clave, aunque esto requiere conocimiento técnico. La industria ya proporcionó un script para la desencriptación en casos donde se utilice esta clave.

Indicadores de Compromiso (IOCs):

Tipo Valor Contexto
URL https://securelist.com/black-kingdom-ransomware/102873/ OSINT
URL https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ OSINT
Domain securelist.com OSINT
Domain www.bleepingcomputer.com OSINT

Conclusion

El ransomware Black Kingdom representa un desafío para las organizaciones debido a su enfoque innovador y sus posibles mecanismos de recuperación. Aunque el grupo atacante permanece anónimo, los IOCs disponibles ofrecen pistas sobre su actividad digital. Las víctimas deben priorizar la seguridad de sus redes y considerar soluciones de protección contra vulnerabilidades en sistemas como PulseVPN. La existencia de un script para desencriptación en casos específicos sugiere una respuesta potencial por parte de la industria, aunque no siempre garantiza la recuperación total de los datos.

Diamond Model

Adversary
unknown---unmapped-actors
Ver perfil →
Victim
The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,
securelist.com
United States
Capability
Reference
Infrastructure
securelist.com
www.bleepingcomputer.com

Relations

Mapa de nodos relacionados por IOCs compartidos, actor, enlaces IntelTracker/OSINT, campanas y victimas observadas. Haz click en un nodo para abrir el post, filtro o fuente.

10 enlaces
Tipo (1)
Valor 22 posts
Domain (2)
securelist.com 17 posts www.bleepingcomputer.com 3 posts
IntelTracker / OSINT link
securelist.com
unknown---unmapped-actors
enlace asociado al actor
IntelTracker / OSINT link
www.cybereason.com
unknown---unmapped-actors
enlace asociado al actor
Nodo actual
The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.,,https://securelist.com/black-kingdom-ransomware/102873/,https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/,,,,,,,,,,,,
unknown---unmapped-actors · United States
Victima
PJ Daly Contracting
Valor
IOC compartido
Victima
mlit.com.my UPDATE-FULL DATA DUMP 10GB
Valor
IOC compartido
Victima
APTTrail: APT CLOUDWIZARD indicators and references
securelist.com
IOC compartido
Victima
APTTrail: APT DESERTFALCON indicators and references
securelist.com
IOC compartido
Victima
APTTrail: CR4T indicators and references
securelist.com
IOC compartido
Victima
APTTrail: dinodas indicators and references
securelist.com
IOC compartido
Victima
APTTrail: crouching yeti indicators and references
securelist.com
IOC compartido
Victima
APTTrail: Bronze Highland indicators and references
www.bleepingcomputer.com
IOC compartido

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
Tipo Valor Contexto VT OffSec SOCRadar
URL https://securelist.com/black-kingdom-ransomware/102873/ OSINT VT OffSec SOCRadar
URL https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ OSINT VT OffSec SOCRadar
Domain securelist.com OSINT VT OffSec SOCRadar
Domain www.bleepingcomputer.com OSINT VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor unknown---unmapped-actors en el blog → Ver unknown---unmapped-actors en IntelTracker → Fuente OSINT: securelist.com → Buscar unknown---unmapped-actors en APTTrail → Repositorio APTTrail → Mas incidentes en United States → Buscar en Google News → Analizar en VirusTotal → Buscar en Shodan → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes

FortiBleed: exposición masiva de credenciales Fortinet y guía CTI de respuesta19 Jun 2026 · campaign PJ Daly Contracting19 Jun 2026 · qilin mlit.com.my UPDATE-FULL DATA DUMP 10GB19 Jun 2026 · stormous June 2026 Stealer Logs18 Jun 2026 · breach CFGI18 Jun 2026 · breach Berkadia18 Jun 2026 · breach Infinite Campus18 Jun 2026 · breach Horizon Family Medical Group18 Jun 2026 · incransom