BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d)

BlackByte 2.0 Ransomware is a replacement for BlackByte Ransomware. Unlike BlackByte Ransomware, BlackByte 2.0 Ransomware does not have a common key for victim decryption. BlackByte 2.0 Ransomware remains uniquely associated with BlackByte operations. (Citation: Microsoft BlackByte 2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 1 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | 1 |
| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) | Attack Pattern | 1 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 1 |
| BlackByte 2.0 Ransomware - S1181 (42fdf9db-6005-4bb3-96f6-496b94ce519d) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 1 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) | Attack Pattern | 2 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |