Indicators of Compromise Associated with BlackByte Ransomware
Common Information
Type Value
UUID f6b4c124-e23d-4f8d-a370-e4b6c6239ac6
Fingerprint 6d8ca888be31022fc754d93cba629e0d83aa9301aaec1d6a07341f76a5cdc6a9
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 11, 2022, 7:56 p.m.
Added to db April 14, 2024, 2:41 a.m.
Last updated Aug. 31, 2024, 1:48 a.m.
Headline Indicators of Compromise Associated with BlackByte Ransomware
Title Indicators of Compromise Associated with BlackByte Ransomware
Detected Hints/Tags/Attributes 64/2/74
Attributes
Details Type #Events CTI Value
Details Domain 128
www.fbi.gov
Details Domain 4
www.secretservice.gov
Details Domain 55
cisa.dhs.gov
Details Domain 145
www.us-cert.gov
Details Domain 285
microsoft.net
Details Domain 397
asp.net
Details Domain 8
www.stopransomware.gov
Details Domain 41
stopransomware.gov
Details Email 22
cisaservicedesk@cisa.dhs.gov
Details File 1
%appdata%\bb.ico
Details File 1
%appdata%\blackbyterestore.txt
Details File 1
%homepath%\complex.exe
Details File 2
tree.dll
Details File 4
complex.exe
Details File 409
c:\windows\system32\cmd.exe
Details File 90
wordpad.exe
Details File 3
c:\users\tree.dll
Details File 2127
cmd.exe
Details File 249
schtasks.exe
Details File 1209
powershell.exe
Details File 118
sc.exe
Details File 5
mountvol.exe
Details File 256
net.exe
Details File 24
arp.exe
Details File 380
notepad.exe
Details File 1
%appdata%\restoremyfiles_blackbyte.txt
Details File 1
c:\users\rem\desktop\hybrid-9-8\complex.exe
Details IPv4 5
185.93.6.31
Details IPv4 6
45.9.148.114
Details IPv4 198
1.1.1.1
Details Url 3
http://www.us-cert.gov/tlp/.
Details Url 5
https://www.stopransomware.gov
Details Windows Registry Key 98
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Details Windows Registry Key 5
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem