Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec)

Exbyte is an exfiltration tool written in Go that is uniquely associated with BlackByte operations. Observed since 2022, Exbyte transfers collected files to online file sharing and hosting services. (Citation: Symantec BlackByte 2022)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | 1 |
| Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | 1 |
| Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 1 |
| Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) | Attack Pattern | Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | 1 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | 1 |
| Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Exbyte - S1179 (6207dd22-bf18-4c96-aada-c573a9bbf5ec) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | 2 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |