Velvet Tempest
MISP
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:
Velvet Tempest is a threat actor associated with the BlackCat ransomware group. They have been observed deploying multiple ransomware payloads, including BlackCat, and have targeted various industries such as energy, fashion, tobacco, IT, and manufacturing. Velvet Tempest relies on access brokers to gain network access and utilizes tools like Cobalt Strike Beacons and PsExec for lateral movement and payload staging. They exfiltrate stolen data using a tool called StealBit and frequently disable unprotected antivirus products.
Aliases (110)
DEV-0504
Metadata
| ID: | 589 |
| Created: | 13/01/2026 17:48 |
| Updated: | 09/03/2026 16:00 |