Today > 2 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

Aug. 28, 2024, 2:35 p.m.

Description

The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and employs Active Directory credentials for self-propagation. The group appears more active than its data leak site suggests, rapidly adapting its techniques.

Date

Published: Aug. 28, 2024, 2:04 p.m.

Created: Aug. 28, 2024, 2:04 p.m.

Modified: Aug. 28, 2024, 2:35 p.m.

Indicators

31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427

0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5

01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd

543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91

Attack Patterns

ExByte

BlackByteNT

BlackByte

T1136.002

T1021.002

T1484

T1078.002

T1569.002

T1021.001

T1211

T1078.003

T1484.001

T1608

T1018

T1070.004

T1562.001

T1529

T1486

T1083

T1543

T1210

T1098

T1204

T1112

Additional Informations

Technical Services

Professional Services

Manufacturing