Velvet TempestVelvet Tempest

Also known as: Velvet Tempest · DEV-0504

Known aliases
2

Profile

Velvet Tempest is a threat actor associated with the BlackCat ransomware group. They have been observed deploying multiple ransomware payloads, including BlackCat, and have targeted various industries such as energy, fashion, tobacco, IT, and manufacturing. Velvet Tempest relies on access brokers to gain network access and utilizes tools like Cobalt Strike Beacons and PsExec for lateral movement and payload staging. They exfiltrate stolen data using a tool called StealBit and frequently disable unprotected antivirus products.

Aliases· 2

Velvet TempestDEV-0504

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Vanilla Tempest
Actor
Mustard Tempest
Actor
Storm-0506
Actor
DEV-0950
Actor
Blacktail
Software
BlackCat
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.