BlackMatter x Babuk : Using the same web server for sharing
leaked files
By S2W
Published: 2021-09-01 · Archived: 2026-04-05 15:58:48 UTC
With contribution from Hotsauce (
, , , , )| S2W TALON
Abstract
BlackMatter published the leaked files and documents related to infected victim companies started on August 1,
2021. They published the leaked data of 7 infected victim companies on their leak site.
Press enter or click to view image in full size
BlackMatter using file hosting services
BlackMatter is using the file hosting services on their leak site and they are not uploaded the leaked data on their
own web server. We checked BlackMatter used Mega Cloud, PrivatLab, DropmeFiles, 2 Tor Web Servers on their
leak site.
BlackMatter x Babuk : Using the same web server for sharing leaked files
https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751
Page 1 of 4

The interesting point is a Tor Web Server(http://flhnknbdg7****.onion) is the same as Babuk’s file server when
they share the leaked files with users.
Press enter or click to view image in full size
The leaked data uploaded to the same web server by BlackMatter and Babuk
In the file server of BlackMatter, we checked the leaked data uploaded by Babuk and BlackMatter as below:
Press enter or click to view image in full size
https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751
Page 2 of 4

The string was changed on August 28, 2021
(Previous title) 2021–05–31 BABUK STRONAGE SERVER, Joe Biden Caprophile
Get S2W’s stories in your inbox
Join Medium for free to get updates from this writer.
Remember me for faster sign in
(Current title) 2021–08–28 GROVE STRONAGE SERVER
Press enter or click to view image in full size
https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751
Page 3 of 4

When Babuk uses this web server for sharing the leaked files, if we enter the root directory of the web server, we
can see the string of BABUK STRONAGE SERVER, Joe Biden Caprophile. But now, the title of the web server
changed the string to GROVE STRONAGE SERVER.
Conclusion
In this post, we mentioned the fact of BlackMatter and Babuk using the same web server for sharing the
leaked files.
We could not find any pieces of the evidence whether they are in the same group.
They may have accidentally rented the same web server, or we need to keep monitoring their activities to
track the relation between BlackMatter and Babuk.
Source: https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751
https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751
Page 4 of 4