Skip to content

Hide Navigation Hide TOC

BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d)

BlackByte Ransomware is uniquely associated with BlackByte operations. BlackByte Ransomware used a common key for infections, allowing for the creation of a universal decryptor.(Citation: Trustwave BlackByte 2021)(Citation: FBI BlackByte 2022) BlackByte Ransomware was replaced in BlackByte operations by BlackByte 2.0 Ransomware by 2023.(Citation: Microsoft BlackByte 2023)(Citation: Cisco BlackByte 2024)

Cluster A Galaxy A Cluster B Galaxy B Level
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 1
BlackByte Ransomware - S1180 (9454bb5d-3bdb-40f9-a878-b5fb446ded3d) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2