{
	"id": "126554ee-cfd5-4705-a4e6-c81641328d9b",
	"created_at": "2026-04-06T00:06:49.883136Z",
	"updated_at": "2026-04-10T03:21:33.18666Z",
	"deleted_at": null,
	"sha1_hash": "499e525c6995736b6918eba3760f8210c1e4291e",
	"title": "Agent AI, Basta Parser Extraordinaire",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 995511,
	"plain_text": "Agent AI, Basta Parser Extraordinaire\r\nBy Joshua Platt\r\nPublished: 2025-02-28 · Archived: 2026-04-05 21:33:21 UTC\r\n4 min read\r\nFeb 28, 2025\r\nBlack Basta is a ransomware group that has spent the past couple of years attacking global networks. Their\r\nactivities are well known in the cybersecurity space. Some might even say prolific at this point.\r\nOn Feb 11, 2025 internal communication amongst the group was publicly leaked¹. The leaked data consisted of\r\nmatrix server chat logs with information pertaining to the day to day operations of the group. But in order to better\r\nunderstand the communication of the group, you first need to inspect and parse the leaked file. While the dataset\r\nhas been analyzed publicly, including a BlackBastaGPT² release for public use, this post delves into the utilization\r\nof AI to parse and further enable the investigation of the dataset.\r\nAfter acquiring the leaked data from a public repository³ a cursory check of the file was conducted. The file is\r\nover 47MB in size, which makes it less than ideal for text editors.\r\nMD5: 2f95cf2c7a2dc364b8530b7cc03d13ec\r\nSHA1: e23008b0cc8bb8916b1c7bfaa4777f253fe2bcb7\r\nSHA256: 5d8d88da1086475546d551a5735c1d46df0ef659b5cd549f84d944641a050fbb\r\nThe file output appears below with a few characteristics. It appears to be Unicode, UTF-8 text and has very long\r\nlines. Oddly enough, it does not detect the file as JSON text data.\r\nfile blackbasta_chats.json\r\nblackbasta_chats.json: Unicode text, UTF-8 text, with very long lines (469)\r\nLet’s check the file using python. The output from python’s json tool is unable to properly parse the file, which is\r\na second indication that the file is going to need some work.\r\npython3 -m json.tool blackbasta_chats.json\r\nExpecting property name enclosed in double quotes: line 2 column 5 (char 6)\r\nUsing the head command, we can extract the first few lines of the file and verify the structure.\r\nhttps://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nPage 1 of 5\n\nhead -n20 blackbasta_chats.json\r\n{\r\ntimestamp: 2023–09–18 13:35:07,\r\nchat_id: !VdvDXHFZwWDpIAtpCj:matrix.bestflowers247.online,\r\nsender_alias: @usernamenn:matrix.bestflowers247.online,\r\nmessage: BAZA\r\n}\r\n{\r\ntimestamp: 2023–09–18 13:50:31,\r\nchat_id: !uJZKZVgGmmSiNvobZH:matrix.bestflowers247.online,\r\nsender_alias: @usernamess:matrix.bestflowers247.online,\r\nmessage: !!!\r\n}\r\nWe have a few options here. We can take the file and write a parser ourselves. We could attempt to properly\r\nenclose the key pairs in quotes. But let’s see what GPT has to offer that might make this all a bit faster.\r\nPress enter or click to view image in full size\r\nImage1. Initial Prompt\r\nNext we suggest modifications to write the output to file along with fixing issues with the initial output.\r\nPress enter or click to view image in full size\r\nhttps://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nPage 2 of 5\n\nImage 2: Modifications\r\nAfter inspecting the code, GPT utilized a regex for matching data inside the brackets, which was not efficient at\r\nall.\r\nmatch = re.match(r’(\\w+):\\s*(.*)’, line)\r\nWe can prompt GPT to remove the regex and utilize the comma delimiter instead.\r\nPress enter or click to view image in full size\r\nImage 3: Modify parsing.\r\nAfter training the model for sorting through syntax related irregularities in the dataset, it was time to output the\r\ndataset into a Sqlite database.\r\nPress enter or click to view image in full size\r\nhttps://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nPage 3 of 5\n\nImage 4: Script to output Sqlite database\r\nThe sqlite database from the generated python script is shown below.\r\nPress enter or click to view image in full size\r\nImage 5: Parsed messages in stored in sqlite database\r\nThe prompts below were used to further refine the structure of the database.\r\nGet Joshua Platt’s stories in your inbox\r\nJoin Medium for free to get updates from this writer.\r\nhttps://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nPage 4 of 5\n\nRemember me for faster sign in\r\nPROMPT:\r\nseparate the chat_id into two separate columns in the database using the : delimiter. Name the first\r\ncolumn room and the second column room_server. Separate the sender_alias into two columns using the :\r\ndelimiter. Name the first column sender_user and the second column sender_server.\r\nPROMPT:\r\nnow create a second message column named translated_message. Using google translate, the script needs\r\nto translate any Russian language messages to us english and insert them into the translated message\r\ncolumn.\r\nPress enter or click to view image in full size\r\nImage 6: Modified Database\r\nFor one final task, the script was modified to adjust the table and include a column for translated messages along\r\nwith converting the messages to English prior to storing them.\r\nPROMPT:\r\nnow create a second message column named translated_message. Using google translate, the script needs\r\nto translate any Russian language messages to English and insert them into the translated message\r\ncolumn. The python script should ignore any messages with ip addresses or emails.\r\nResults may vary and the prompts here can definitely be improved. Overall, AI was highly effective in cutting\r\ndown the time necessary to properly format and store the data for analysis. Incorporating AI into your workflow\r\ncan save a substantial amount of time and improve your overall ability to leverage larger datasets.\r\nSource: https://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nhttps://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://medium.com/walmartglobaltech/agent-ai-basta-parser-extraordinaire-24edfc59992a"
	],
	"report_names": [
		"agent-ai-basta-parser-extraordinaire-24edfc59992a"
	],
	"threat_actors": [],
	"ts_created_at": 1775434009,
	"ts_updated_at": 1775791293,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/499e525c6995736b6918eba3760f8210c1e4291e.pdf",
		"text": "https://archive.orkl.eu/499e525c6995736b6918eba3760f8210c1e4291e.txt",
		"img": "https://archive.orkl.eu/499e525c6995736b6918eba3760f8210c1e4291e.jpg"
	}
}