Threat Actor Profile
Medium
Cybercriminal
Description
Ransomware-as-a-Service
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Ransomware-as-a-Service \n',
'firstseen': '2021-09-08T00:00:00+00:00',
'group': 'blackmatter',
'has_negotiations': True,
'has_ransomnote': True,
'lastseen': '2021-11-04T16:05:45.602653+00:00',
'locations': [{'available': False,
'fqdn': 'blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion',
'slug': 'http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion/',
'title': 'BlackMatter',
'type': 'DLS'}],
'negotiation_count': 2,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': True,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion',
'slug': 'http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion/',
'title': 'BlackMatter',
'type': 'DLS'}],
'negotiation_count': 2,
'ransomnotes_count': 1,
'ransomware_live_group': 'blackmatter',
'tools': {'CredentialTheft': [],
'DefenseEvasion': [],
'DiscoveryEnum': [],
'Exfiltration': ['PrivatLab'],
'LOLBAS': [],
'Networking': [],
'Offsec': [],
'RMM-Tools': []},
'url': 'https://www.ransomware.live/group/blackmatter',
'victims': 32,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {'CredentialTheft': [],
'DefenseEvasion': [],
'DiscoveryEnum': [],
'Exfiltration': ['PrivatLab'],
'LOLBAS': [],
'Networking': [],
'Offsec': [],
'RMM-Tools': []},
'ttps': [],
'url': 'https://www.ransomware.live/group/blackmatter',
'victims': 32,
'vulnerabilities': []}