Alphv (BlackCat)
ALPHV, also referred to as BlackCat, is a ransomware family operated as a rentable ransomware offering (ransomware-as-a-service) in underground cybercrime communities. It was used to encrypt victim networks in intrusions attributed to two former cybersecurity-firm employees and a third suspect, who allegedly hacked US companies, stole data, encrypted systems, and demanded multi-million-dollar ransoms. Named victims include a medical device company in Tampa, a pharmaceutical company in Maryland, a drone manufacturer in Virginia, and an engineering company and a doctor's office in California. In one cited case, the attackers demanded $10 million and received $1.27 million. LockBit 3.0 is also noted to employ some features known to be used by BlackMatter and ALPHV/BlackCat ransomware, but no further detail of ALPHV's technical capabilities is given here. US and European partners seized ALPHV servers in December 2023.
Vulnerabilities exploited
1 CVE Mallory has correlated with this family across public research and vendor advisories. Each row links to the full Mallory page for that vulnerability.
Scattered Spider is known to exploit CVE-2015-2291, a vulnerability in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys) that allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted ... IOCTL call.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
AlphV (BlackCat) is a ransomware-as-a-service (RaaS) platform used to encrypt victim networks and demand large ransom payments. It is known for being highly customizable and for its use in high-profile attacks, including double extortion tactics (data theft and encryption).
ALPHV is referenced as a ransomware family with features similar to those present in LockBit 3.0.