We imported the data from the Black Basta ransomware group leak into AIL and there are many interesting aspects.
- The federation network of Matrix servers (see the screenshot) used to communicate among the affiliates/group(s).
- Activities in the chat room, especially the daily activity view in AIL. Guessing the location and timezone of groups or affiliates is an endless source of information.
- They rely on many open-source and SaaS tools, including Google Docs or Zoom.
- Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).
If you are using the AIL project and want to import the leak dataset, @terrtia did an importer:
https://github.com/ail-project/ail-feeder-matrix
#BlackBasta #blackbastleaks #threatintel #osint #threatintelligence #opensource #dataset @ail_project
Maybe some interesting input for @fr0gger for his existing analysis.
I see that this dataset can be used to enhance some of our open-source tools.
https://github.com/ail-project/ail-framework