| https://www.tripwire.com/state-of-security/featured/blackmatter-pose-new-ransomware-threat |
| https://venturebeat.com/2021/08/23/sophoslabs-research-shows-blackmatter-ransomware-is-closely-acquainted-with-darkside |
| https://blog.group-ib.com/blackmatter# |
| https://blog.group-ib.com/blackmatter2 |
| https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html |
| https://blogs.blackberry.com/en/2021/09/threat-thursday-blackmatter-ransomware-as-a-service |
| https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html |
| https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751 |
| https://medium.com/s2wlab/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d |
| https://medium.com/s2wlab/grooves-thoughts-on-blackmatter-babuk-and-interruption-in-the-supply-of-cheese-in-the-b5328bc764f2 |
| https://news.sophos.com/en-us/2021/08/09/blackmatter-ransomware-emerges-from-the-shadow-of-darkside/ |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html |
| https://therecord.media/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/ |
| https://twitter.com/GelosSnake/status/1451465959894667275 |
| https://twitter.com/VK_Intel/status/1423188690126266370 |
| https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-blackmatter-lockbit-thor |
| https://us-cert.cisa.gov/ncas/alerts/aa21-291a |
| https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ |
| https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/ |
| https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-2/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.elliptic.co/blog/darkside-bitcoins-on-the-move-following-government-cyberattack-against-revil-ransomware-group |
| https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf |
| https://www.mandiant.com/resources/chasing-avaddon-ransomware |
| https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf |
| https://www.youtube.com/watch?v=NIiEcOryLpI |
| https://assets.virustotal.com/reports/2021trends.pdf |
| https://blog.digital-investigations.info/2021-08-05-understanding-blackmatters-api-hashing.html |
| https://blog.group-ib.com/blackmatter# |
| https://blog.group-ib.com/blackmatter2 |
| https://blog.minerva-labs.com/blackmatter |
| https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html |
| https://blogs.blackberry.com/en/2021/09/threat-thursday-blackmatter-ransomware-as-a-service |
| https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus |
| https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf |
| https://chuongdong.com/reverse%20engineering/2021/09/05/BlackMatterRansomware/ |
| https://go.recordedfuture.com/hubfs/reports/MTP-2021-0804.pdf |
| https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf |
| https://ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/ |
| https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809 |
| https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751 |
| https://medium.com/s2wlab/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d |
| https://medium.com/s2wlab/grooves-thoughts-on-blackmatter-babuk-and-interruption-in-the-supply-of-cheese-in-the-b5328bc764f2 |
| https://news.sophos.com/en-us/2021/08/09/blackmatter-ransomware-emerges-from-the-shadow-of-darkside/ |
| https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/ |
| https://raw.githubusercontent.com/antonioCoco/infosec-talks/main/InsomniHack_2022_Ransomware_Encryption_Internals.pdf |
| https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackmatter-data-exfiltration |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html |
| https://therecord.media/blackmatter-ransomware-says-its-shutting-down-due-to-pressure-from-local-authorities/ |
| https://therecord.media/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/ |
| https://twitter.com/GelosSnake/status/1451465959894667275 |
| https://us-cert.cisa.gov/ncas/alerts/aa21-291a |
| https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ |
| https://www.ciphertechsolutions.com/rapidly-evolving-blackmatter-ransomware-tactics/ |
| https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-2/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.elliptic.co/blog/darkside-bitcoins-on-the-move-following-government-cyberattack-against-revil-ransomware-group |
| https://www.glimps.fr/lockbit3-0/ |
| https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf |
| https://www.mandiant.com/resources/chasing-avaddon-ransomware |
| https://www.mandiant.com/resources/cryptography-blackmatter-ransomware |
| https://www.mcafee.com/blogs/enterprise/blackmatter-ransomware-analysis-the-dark-side-returns/ |
| https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates/ |
| https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ |
| https://www.netskope.com/blog/netskope-threat-coverage-blackmatter |
| https://www.nozominetworks.com/blog/blackmatter-ransomware-technical-analysis-and-tools-from-nozomi-networks-labs/ |
| https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html |
| https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf |
| https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf |
| https://www.tesorion.nl/en/posts/analysis-of-the-blackmatter-ransomware/ |
| https://www.theregister.com/2022/03/22/talos-ransomware-blackcat/ |
| https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html |
| https://www.varonis.com/blog/blackmatter-ransomware/ |
| https://www.youtube.com/watch?v=NIiEcOryLpI |
| http://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/ |
| http://ti.dbappsecurity.com.cn/blog/index.php/2021/05/10/darkside/ |
| https://asec.ahnlab.com/en/34549/ |
| https://blog.360totalsecurity.com/en/darksides-targeted-ransomware-analysis-report-for-critical-u-s-infrastructure-2/ |
| https://blog.cyble.com/2021/08/05/blackmatter-under-the-lens-an-emerging-ransomware-group-looking-for-affiliates/ |
| https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/ |
| https://blog.group-ib.com/blackmatter# |
| https://blog.group-ib.com/blackmatter2 |
| https://blogs.blackberry.com/en/2021/09/threat-thursday-blackmatter-ransomware-as-a-service |
| https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2021/05/18/darkside_ransomware-QfsV.html |
| https://blueteamblog.com/darkside-ransomware-operations-preventions-and-detections |
| https://brandefense.io/darkside-ransomware-analysis-report/ |
| https://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/ |
| https://community.riskiq.com/article/fdf74f23 |
| https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/ |
| https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
| https://ghoulsec.medium.com/mal-series-13-darkside-ransomware-c13d893c36a6 |
| https://github.com/Haxrein/Malware-Analysis-Reports/blob/main/darkside_ransomware_technical_analysis_report.pdf |
| https://github.com/sisoma2/malware_analysis/tree/master/blackmatter |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf |
| https://go.recordedfuture.com/hubfs/reports/MTP-2021-0804.pdf |
| https://id-ransomware.blogspot.com/2020/08/darkside-ransomware.html |
| https://id-ransomware.blogspot.com/2021/07/blackmatter-ransomware.html |
| https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/ |
| https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/ |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://labs.bitdefender.com/2021/01/darkside-ransomware-decryption-tool/ |
| https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b |
| https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/ |
| https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/ |
| https://securityintelligence.com/posts/darkside-oil-pipeline-ransomware-attack/ |
| https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted |
| https://socprime.com/blog/affiliates-vs-hunters-fighting-the-darkside/ |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps |
| https://symantec.broadcom.com/hubfs/Attacks-Against-Critical_Infrastructrure.pdf |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/ |
| https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/ |
| https://therecord.media/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/ |
| https://therecord.media/popular-hacking-forum-bans-ransomware-ads/ |
| https://therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ |
| https://threatpost.com/guess-fashion-data-loss-ransomware/167754/ |
| https://twitter.com/GelosSnake/status/1451465959894667275 |
| https://twitter.com/JAMESWT_MHT/status/1388301138437578757 |
| https://twitter.com/ValthekOn/status/1422385890467491841?s=20 |
| https://twitter.com/sysopfb/status/1422280887274639375 |
| https://unit42.paloaltonetworks.com/darkside-ransomware/ |
| https://us-cert.cisa.gov/ncas/alerts/aa21-131a |
| https://us-cert.cisa.gov/ncas/analysis-reports/ar21-189a |
| https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/ |
| https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion |
| https://www.acronis.com/en-us/articles/darkside-ransomware/ |
| https://www.advanced-intel.com/post/from-dawn-to-silent-night-darkside-ransomware-initial-attack-vector-evolution |
| https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-gang-rises-from-the-ashes-of-darkside-revil/ |
| https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/ |
| https://www.bleepingcomputer.com/news/security/darkside-affiliates-claim-gangs-bitcoins-in-deposit-on-hacker-forum/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/ |
| https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/ |
| https://www.bleepingcomputer.com/news/security/us-chemical-distributor-shares-info-on-darkside-ransomware-data-theft/ |
| https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom |
| https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound |
| https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/ |
| https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-2/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/ |
| https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout |
| https://www.crowdstrike.com/blog/falcon-protects-from-darkside-ransomware/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-ransomware-adversaries-reacted-to-the-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/ |
| https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware |
| https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/ |
| https://www.databreaches.net/a-chat-with-darkside/ |
| https://www.databreachtoday.com/blogs/darkside-ransomware-gang-launches-affiliate-program-p-2968 |
| https://www.deepinstinct.com/2021/06/04/the-ransomware-conundrum-a-look-into-darkside/ |
| https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ |
| https://www.digitalshadows.com/blog-and-research/ransomware-as-a-service-rogue-affiliates-and-whats-next/ |
| https://www.dragos.com/blog/industry-news/recommendations-following-the-colonial-pipeline-cyber-attack/ |
| https://www.elliptic.co/blog/darkside-bitcoins-on-the-move-following-government-cyberattack-against-revil-ransomware-group |
| https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin |
| https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims |
| https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html |
| https://www.flashpoint-intel.com/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ |
| https://www.fortinet.com/blog/threat-research/newly-discovered-function-in-darkside-ransomware-variant-targets-disk-partitions |
| https://www.glimps.fr/lockbit3-0/ |
| https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf |
| https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/ |
| https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox |
| https://www.ic3.gov/Media/News/2021/211101.pdf |
| https://www.intel471.com/blog/darkside-ransomware-colonial-pipeline-attack |
| https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime |
| https://www.maltego.com/blog/chasing-darkside-affiliates-identifying-threat-actors-connected-to-darkside-ransomware-using-maltego-intel-471-1/ |
| https://www.mandiant.com/resources/burrowing-your-way-into-vpns |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/ |
| https://www.metabaseq.com/recursos/inside-darkside-the-ransomware-that-attacked-colonial-pipeline# |
| https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.nozominetworks.com/blog/colonial-pipeline-ransomware-attack-revealing-how-darkside-works/ |
| https://www.nozominetworks.com/blog/how-to-analyze-malware-for-technical-writing/ |
| https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/ |
| https://www.repubblica.it/economia/finanza/2021/04/28/news/un_sospetto_attacco_telematico_blocca_le_filiali_della_bcc_di_roma-298485827/ |
| https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/ |
| https://www.secjuice.com/blue-team-detection-darkside-ransomware/ |
| https://www.secureworks.com/research/threat-profiles/gold-waterfall |
| https://www.sentinelone.com/blog/meet-darkside-and-their-ransomware-sentinelone-customers-protected/ |
| https://www.splunk.com/en_us/blog/security/darkside-ransomware-splunk-threat-update-and-detections.html |
| https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html |
| https://www.splunk.com/en_us/blog/security/the-darkside-of-the-ransomware-pipeline.html |
| https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf |
| https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf |
| https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/ |
| https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html |
| https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-as-a-service-enabler-of-widespread-attacks |
| https://www.varonis.com/blog/darkside-ransomware/ |
| https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636 |
| https://www.youtube.com/watch?v=NIiEcOryLpI |
| https://www.youtube.com/watch?v=qxPXxWMI2i4 |
| https://zawadidone.nl/2020/10/05/darkside-ransomware-analysis.html |
| https://zawadidone.nl/darkside-ransomware-analysis/ |
| https://zetter.substack.com/p/anatomy-of-one-of-the-first-darkside |
