Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
BLACKBIRD.AI

BLACKBIRD.AI Vendor Cyber Rating & Cyber Score

blackbird.ai

BLACKBIRD.AI protects organizations from narrative attacks that cause financial, operational, and reputational harm. Our Constellation AI-driven Narrative Intelligence Platform identifies key narratives that impact your organization/industry, the influence behind them, the networks they touch, the anomalous bot behavior that scales them, and the cohorts and communities that connect them. This information enables organizations to proactively understand narrative threats as they scale and become harmful for better strategic decision-making. A diverse team of AI experts, threat intelligence analysts, journalists, and national security professionals founded Blackbird.AI to defend information integrity and fight a new class of narrative


BLACKBIRD.AI A.I CyberSecurity Scoring

BLACKBIRD.AI
Company Information
Website:http://www.blackbird.ai
Employees number:75
Number of followers:24,700
NAICS:5112
Industry Type:Software Development
Homepage:blackbird.ai
BLACKBIRD.AI Risk Score (AI oriented)
Between 600 and 649
logo
BLACKBIRD.AISoftware Development
Updated:
24/06/2026
642/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
BLACKBIRD.AI Global Score (TPRM)
xxxx
logo
BLACKBIRD.AISoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

BLACKBIRD.AI
BLACKBIRD.AIPoor
Current Score
642Caa (POOR)
01000
1 incidents
-113 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
643Before Incident
JUNE 2026
643Before Incident
MAY 2026
752Before Incident
Ransomware
01 May 2026BLACKBIRD.AI
Interlock and Black Basta: Stealthy Mistic backdoor linked to ransomware access broker KongTuke

New Mistic Backdoor Linked to KongTuke Initial Access Broker in Targeted Attacks

639After Incident
CRITICAL-113
INTBLA1782304111
New Mistic Backdoor Linked to KongTuke Initial Access Broker in Targeted Attacks A newly identified backdoor, dubbed Mistic, has been deployed in financially motivated cyberattacks targeting organizations in the insurance, education, IT, and professional services sectors. The malware is attributed to KongTuke (also known as Woodgnat), an initial access broker (IAB) active since at least 2024, which specializes in breaching corporate networks and selling access to ransomware groups, including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. Researchers at Symantec first observed Mistic in intrusions beginning in April 2024, with at least one attack involving its deployment shortly after ModeloRAT another backdoor linked to KongTuke was delivered via social engineering over Microsoft Teams. Designed for stealth and long-term persistence, Mistic enables attackers to maintain covert access to compromised networks. ### Attack Chain & Capabilities The infection process begins with the execution of a legitimate MpExtMs.exe binary to side-load a malicious version.dll, which acts as a loader for Mistic (disguised as EndpointDlp.dll). The filename mimics Microsoft endpoint security tools, aiding evasion. A secondary .NET DLL is also deployed, displaying a fake login screen to harvest credentials. Once active, Mistic establishes communication with its command-and-control (C2) server and supports multiple functions, including: - File manipulation (upload/download, move, rename, delete, and folder creation) - Adjustable C2 polling frequency - In-memory code execution (avoiding disk writes) - Self-termination and file deletion via a kill switch Symantec highlights Mistic’s in-memory execution and self-destruct features as key to its low-visibility operations, aligning with KongTuke’s focus on prolonged network access. ### Delivery & Additional Tools While Symantec did not detail the initial infection vector, KongTuke has previously used ClickFix (and variants FileFix and CrashFix) since early 2025 to deploy ModeloRAT. In a separate report, Zscaler which tracks Mistic as MTLBackdoor noted its delivery in a May 2024 multi-stage ClickFix attack chain. A notable feature of MTLBackdoor is its ability to load Beacon Object Files (BOFs), small C-based programs that execute in memory, leaving no disk footprint a technique common in red teaming tools like Cobalt Strike. KongTuke’s arsenal extends beyond Mistic, incorporating legitimate tools (WinPython, Node.js) and malware loaders (MintsLoader, D3F@ck Loader) to deploy additional payloads, including the GateKeeper .NET payload and the NexShield browser extension. ### Broader Implications The emergence of Mistic underscores a growing trend of custom backdoors in ransomware operations, developed by IABs with direct ties to cybercriminal ecosystems. Both Symantec and Zscaler have released indicators of compromise (IoCs) for detection, emphasizing the malware’s stealth and modular expansion capabilities.
INCIDENT DETAILS -
TYPE
BackdoorInitial Access Broker (IAB) Activity
MOTIVATION
Financial gain
IMPACT
Corporate networksOperational Impact: Covert access for ransomware deployment
DATA BREACH
CredentialsNetwork accessSensitivity Of Data: High (corporate network access)
APRIL 2026
752Before Incident
MARCH 2026
752Before Incident
FEBRUARY 2026
752Before Incident
JANUARY 2026
752Before Incident
DECEMBER 2025
752Before Incident
NOVEMBER 2025
752Before Incident
OCTOBER 2025
752Before Incident
SEPTEMBER 2025
752Before Incident
AUGUST 2025
752Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for BLACKBIRD.AI ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was BLACKBIRD.AI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on BLACKBIRD.AI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with BLACKBIRD.AI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view BLACKBIRD.AI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?