Ransomware Spotlight: BlackByte - Security News - Trend Micro MY
Tags
cmtmf-attack-pattern: Application Layer Protocol Exploit Public-Facing Application Scheduled Task/Job
country: Laos Peru
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domain Groups - T1069.002 Exfiltration Over Web Service - T1567 Exploit Public-Facing Application - T1377 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File And Directory Permissions Modification - T1222 Hardware - T1592.001 Impair Defenses - T1562 Impair Defenses - T1629 Lateral Tool Transfer - T1570 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Software - T1592.002 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Access Token Manipulation - T1134 Standard Application Layer Protocol - T1071 Deobfuscate/Decode Files Or Information - T1140 Exploit Public-Facing Application - T1190 File And Directory Discovery - T1083 Permission Groups Discovery - T1069 Scheduled Task - T1053 Web Shell - T1100 Exploit Public-Facing Application Service Stop
Show in Graph
Common Information
Type Value
UUID f6359f85-00e7-45ba-a867-976f71de4779
Fingerprint f43189588711ae41
Analysis status DONE
Considered CTI value 2
Text language
Published July 5, 2022, midnight
Added to db Sept. 11, 2022, 12:46 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Ransomware Spotlight: BlackByte
Title Ransomware Spotlight: BlackByte - Security News - Trend Micro MY
Detected Hints/Tags/Attributes 117/4/27
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/vinfo/my/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
anonymfiles.com
Details Domain 34 
file.io
Details Domain 38 
ntdetect.com
Details File 2 
obamka.js
Details File 143 
thumbs.db
Details File 100 
ntuser.dat.log
Details File 99 
bootsect.bak
Details File 113 
autoexec.bat
Details File 351 
recycle.bin
Details File 101 
iconcache.db
Details File 90 
bootfont.bin
Details File 5 
mountvol.exe
Details File 37 
icacls.exe
Details MITRE ATT&CK Techniques 542 
T1190
Details MITRE ATT&CK Techniques 275 
T1053.005
Details MITRE ATT&CK Techniques 116 
T1134
Details MITRE ATT&CK Techniques 504 
T1140
Details MITRE ATT&CK Techniques 265 
T1222
Details MITRE ATT&CK Techniques 298 
T1562.001
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 74 
T1069.002
Details MITRE ATT&CK Techniques 118 
T1570
Details MITRE ATT&CK Techniques 116 
T1560.001
Details MITRE ATT&CK Techniques 126 
T1567
Details MITRE ATT&CK Techniques 442 
T1071.001
Details MITRE ATT&CK Techniques 472 
T1486
Details MITRE ATT&CK Techniques 197 
T1489