ExMatter (068b26ae-39b5-4b4e-8faa-eb304a17687d)
ExMatter is a custom data exfiltration tool. It was first observed in November 2021 during intrusions involving BlackMatter ransomware, and more recently has been used during BlackCat ransomware attacks. In August 2022, researchers observed a “heavily updated” version of ExMatter, which featured expanded protocols for exfiltrating data, a data corruption capability, enhanced defense evasion abilities, and a narrower range of targeted file types.[Symantec Noberus September 22 2022]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ExMatter (068b26ae-39b5-4b4e-8faa-eb304a17687d) | Tidal Software | BlackCat Ransomware Actors & Affiliates (33159d02-a1ce-49ec-a381-60b069db66f7) | Tidal Groups | 1 |