BlackByte
BlackByte, Hecamede
[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used a common encryption key allowing for the development of a universal decryptor, but subsequent versions such as [BlackByte 2.0 Ransomware](https://attack.mitre.org/software/S1181) use more robust encryption mechanisms. [Bla...
Techniques: 49
Covered: 48
Gaps: 1
Coverage: 98% (48/49)
GAPS (1)
COVERED (48)
- T1003 OS Credential Dumping (106 det.)
- T1012 Query Registry (22 det.)
- T1016 System Network Configuration Discovery (35 det.)
- T1018 Remote System Discovery (46 det.)
- T1021.001 Remote Desktop Protocol (51 det.)
- T1021.002 SMB/Windows Admin Shares (67 det.)
- T1036.008 Masquerade File Type (4 det.)
- T1041 Exfiltration Over C2 Channel (30 det.)
- T1046 Network Service Discovery (49 det.)
- T1047 Windows Management Instrumentation (85 det.)
- T1053.005 Scheduled Task (82 det.)
- T1055 Process Injection (76 det.)
- T1055.012 Process Hollowing (8 det.)
- T1059.001 PowerShell (338 det.)
- T1059.003 Windows Command Shell (79 det.)
- T1068 Exploitation for Privilege Escalation (91 det.)
- T1070.004 File Deletion (40 det.)
- T1071.001 Web Protocols (74 det.)
- T1078 Valid Accounts (252 det.)
- T1078.002 Domain Accounts (26 det.)
- T1082 System Information Discovery (80 det.)
- T1087.002 Domain Account (55 det.)
- T1105 Ingress Tool Transfer (170 det.)
- T1112 Modify Registry (197 det.)
- T1134.003 Make and Impersonate Token (5 det.)
- T1135 Network Share Discovery (16 det.)
- T1136.002 Domain Account (9 det.)
- T1140 Deobfuscate/Decode Files or Information (55 det.)
- T1190 Exploit Public-Facing Application (208 det.)
- T1219 Remote Access Tools (33 det.)
- T1480 Execution Guardrails (1 det.)
- T1482 Domain Trust Discovery (38 det.)
- T1486 Data Encrypted for Impact (339 det.)
- T1490 Inhibit System Recovery (56 det.)
- T1491.001 Internal Defacement (4 det.)
- T1505.003 Web Shell (57 det.)
- T1518.001 Security Software Discovery (8 det.)
- T1543.003 Windows Service (79 det.)
- T1547.001 Registry Run Keys / Startup Folder (50 det.)
- T1560 Archive Collected Data (11 det.)
- T1562 Impair Defenses (180 det.)
- T1562.001 Disable or Modify Tools (300 det.)
- T1562.004 Disable or Modify System Firewall (45 det.)
- T1567 Exfiltration Over Web Service (44 det.)
- T1569.002 Service Execution (63 det.)
- T1570 Lateral Tool Transfer (20 det.)
- T1608.001 Upload Malware (2 det.)
- T1614.001 System Language Discovery (2 det.)