For some reason people are sharing LLM garbage instead of the real chat logs for Black Basta. Here are the real logs and the Telegram channel they're being shared in: https://t[.]me/shopotbasta/21

CTI is a team sport. Not a secret boys club. Sharing is caring.

@GossiTheDog The MEGA site is down, but the Telegram channel where this is being discussed provides a direct download of the chat contents via a ~50MB JSON file. Grepping for ZoomInfo URLs and using cut/sort/uniq can get folks a quick and dirty list of potentially targeted companies. Some of the company names I saw are listed on their ransom site, but some are attributed to other ransomware gangs. Some of the messages also have Forti/Cisco/Citrix as well as the $$$ amount after the ZoomInfo link for the company. Gonna guess this is likely the pwned appliance vendor and ransom amount for the company. One can likely walk back the vendor name to a critical RCE vulnerability which they exploited.

Grepping for CVEs, there's tons of chatter about various RCE vulnerabilities, mitigations, and PoC exploits. Same as Conti Leaks. I’m sure we’ll see a bunch of vendor write-ups in the coming days with Black Basta CTI analysis of the data.
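
The grep/cut/sort/uniq triage described in the reply above, as an added example that is not part of either post. It runs over a constructed sample because the export's JSON layout is not shown here: the field names, company slugs, amounts and CVE numbers are invented, and the vendor pairing assumes the link and its tag sit on the same line.

```shell
#!/usr/bin/env bash
# Triage of a chat export for victim notification and patch prioritisation.
# Every function reads the raw JSON text on stdin.
export LC_ALL=C

# CONSTRUCTED sample: field names and all values are invented, not from the leak.
sample_log() {
cat <<'EOF'
{"sender":"user_a","message":"https://www.zoominfo.com/c/example-manufacturing-inc/100000001 Forti $1.2M"}
{"sender":"user_b","message":"https://www.zoominfo.com/c/example-logistics-llc/100000002 Citrix $800K"}
{"sender":"user_a","message":"again https://www.zoominfo.com/c/example-manufacturing-inc/100000001"}
{"sender":"user_c","message":"poc for CVE-2099-0001 works, mitigation is the vendor patch"}
{"sender":"user_b","message":"cve-2099-0001 and CVE-2099-0002 both RCE"}
EOF
}

# Turn a stream of values into "count value" lines, most frequent first.
count_desc() { sort | uniq -c | awk '{print $1, $2}' | sort -k1,1nr -k2,2; }

# Company slug from each ZoomInfo company URL (5th '/'-separated field).
zoominfo_companies() {
  grep -oE 'https?://(www\.)?zoominfo\.com/c/[A-Za-z0-9._-]+/[0-9]+' |
    cut -d/ -f5 | count_desc
}

# Company slug plus the appliance vendor named after the link on that line.
company_vendor() {
  grep -E 'zoominfo\.com/c/' |
    sed -nE 's#.*zoominfo\.com/c/([A-Za-z0-9._-]+)/[0-9]+[^"]*(Forti|Cisco|Citrix).*#\1 \2#p' |
    sort -u
}

# CVE identifiers, case-normalised, to check against your own patch status.
cve_ids() {
  grep -oiE 'CVE-[0-9]{4}-[0-9]{4,}' | tr 'a-z' 'A-Z' | count_desc
}

# Use the file given as $1, or fall back to the constructed sample.
input() { if [ -n "${1:-}" ]; then cat "$1"; else sample_log; fi; }

echo "== companies ==";        input "$@" | zoominfo_companies
echo "== company / vendor =="; input "$@" | company_vendor
echo "== CVEs ==";             input "$@" | cve_ids
```

A slug appearing here only means the company was mentioned; as the reply notes, some names are attributed to other ransomware gangs, so treat the list as leads to verify.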