Back in Black: BlackByte Ransomware returns with its New Technology (NT) version
Tags
cmtmf-attack-pattern:
    Command And Scripting Interpreter
    Exploitation For Defense Evasion
    Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern:
    Software Discovery - T1418
    Command And Scripting Interpreter - T1623
    Data Encrypted For Impact - T1471
    Data Encrypted For Impact - T1486
    Debugger Evasion - T1622
    Dynamic Resolution - T1637
    Dynamic Resolution - T1568
    Exploitation For Privilege Escalation - T1404
    File And Directory Discovery - T1420
    Firmware - T1592.003
    Hardware - T1592.001
    Impair Defenses - T1562
    Impair Defenses - T1629
    Malicious File - T1204.002
    Malware - T1587.001
    Malware - T1588.001
    Process Discovery - T1424
    System Information Discovery - T1426
    Native Api - T1575
    Phishing - T1660
    Phishing - T1566
    Powershell - T1059.001
    Process Injection - T1631
    Python - T1059.006
    Software Discovery - T1518
    Spearphishing Attachment - T1566.001
    Spearphishing Attachment - T1598.002
    Spearphishing Link - T1566.002
    Spearphishing Link - T1598.003
    System Services - T1569
    Windows Command Shell - T1059.003
    Command-Line Interface - T1059
    Deobfuscate/Decode Files Or Information - T1140
    Execution Through Api - T1106
    Exploitation For Defense Evasion - T1211
    Exploitation For Privilege Escalation - T1068
    File And Directory Discovery - T1083
    Indicator Removal On Host - T1070
    New Service - T1050
    Powershell - T1086
    Process Discovery - T1057
    Process Injection - T1055
    Spearphishing Attachment - T1193
    Spearphishing Link - T1192
    System Information Discovery - T1082
    User Execution - T1204
    Spearphishing Attachment
    User Execution
Common Information
Type                               Value
UUID                               12b0f061-2fd5-4499-a715-eb841154da7a
Fingerprint                        bca41f65a5fd9781
Analysis status                    DONE
Considered CTI value               2
Text language
Published                          May 22, 2023, 12:43 p.m.
Added to db                        Oct. 22, 2023, 9:20 p.m.
Last updated                       Nov. 17, 2024, 6:56 p.m.
Headline                           Back in Black: BlackByte Ransomware returns with its New Technology (NT) version
Title                              Back in Black: BlackByte Ransomware returns with its New Technology (NT) version
Detected Hints/Tags/Attributes     91/3/44
Attributes
Type                      #Events   Value
sha1                      1         c0950ebfa3a63c705ca813cfd28364aa1d90bb09
sha256                    1         02a0a39dbe0dcb5600f4179aeab457bb86965699e45d1d154082b02139dc701d
IPv4                      198       1.1.1.1
MITRE ATT&CK Techniques   310       T1566.001
MITRE ATT&CK Techniques   183       T1566.002
MITRE ATT&CK Techniques   333       T1059.003
MITRE ATT&CK Techniques   239       T1106
MITRE ATT&CK Techniques   365       T1204.002
MITRE ATT&CK Techniques   78        T1569
MITRE ATT&CK Techniques   208       T1068
MITRE ATT&CK Techniques   504       T1140
MITRE ATT&CK Techniques   52        T1622
MITRE ATT&CK Techniques   30        T1211
MITRE ATT&CK Techniques   235       T1562
MITRE ATT&CK Techniques   247       T1070
MITRE ATT&CK Techniques   440       T1055
MITRE ATT&CK Techniques   1006      T1082
MITRE ATT&CK Techniques   585       T1083
MITRE ATT&CK Techniques   433       T1057
MITRE ATT&CK Techniques   185       T1518
MITRE ATT&CK Techniques   472       T1486
File                      1         c:\systemdata\msexchangelog1.log
File                      748       kernel32.dll
File                      533       ntdll.dll
File                      229       advapi32.dll
File                      291       user32.dll
File                      185       shell32.dll
File                      16        rstrtmgr.dll
File                      59        netapi32.dll
File                      69        shlwapi.dll
File                      45        mpr.dll
File                      34        psapi.dll
File                      86        ole32.dll
File                      47        oleaut32.dll
File                      89        version.dll
File                      34        winhttp.dll
File                      53        iphlpapi.dll
File                      130       ws2_32.dll
File                      54        dbghelp.dll
File                      48        c:\\windows\\system32\\cmd.exe
File                      1122      svchost.exe
File                      26        rtcore64.sys
File                      16        dbutil_2_3.sys
md5                       1         bf1f2f3759448a05d3dd92a4f7f042f6