BlackByte
BlackByte, Hecamede
[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used a common encryption key allowing for the development of a universal decryptor, but subsequent versions such as [BlackByte 2.0 Ransomware](https://attack.mitre.org/software/S1181) use more robust encryption mechanisms. [Bla...
Techniques: 51
Covered: 50
Gaps: 1
Coverage: 98% (50/51)
GAPS (1)
COVERED (50)
| Technique | Name | Det. |
|---|---|---|
| T1003 | OS Credential Dumping | 113 |
| T1012 | Query Registry | 24 |
| T1016 | System Network Configuration Discovery | 39 |
| T1018 | Remote System Discovery | 50 |
| T1021.001 | Remote Desktop Protocol | 53 |
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1036.008 | Masquerade File Type | 5 |
| T1041 | Exfiltration Over C2 Channel | 31 |
| T1046 | Network Service Discovery | 51 |
| T1047 | Windows Management Instrumentation | 87 |
| T1053.005 | Scheduled Task | 99 |
| T1055 | Process Injection | 79 |
| T1055.012 | Process Hollowing | 9 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1068 | Exploitation for Privilege Escalation | 99 |
| T1070.004 | File Deletion | 42 |
| T1071.001 | Web Protocols | 80 |
| T1078 | Valid Accounts | 280 |
| T1078.002 | Domain Accounts | 28 |
| T1082 | System Information Discovery | 86 |
| T1087.002 | Domain Account | 57 |
| T1105 | Ingress Tool Transfer | 183 |
| T1112 | Modify Registry | 203 |
| T1134.003 | Make and Impersonate Token | 5 |
| T1135 | Network Share Discovery | 20 |
| T1136.002 | Domain Account | 11 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1219 | Remote Access Tools | 40 |
| T1480 | Execution Guardrails | 1 |
| T1482 | Domain Trust Discovery | 41 |
| T1486 | Data Encrypted for Impact | 360 |
| T1490 | Inhibit System Recovery | 59 |
| T1491.001 | Internal Defacement | 4 |
| T1505.003 | Web Shell | 63 |
| T1518.001 | Security Software Discovery | 10 |
| T1543.003 | Windows Service | 79 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1560 | Archive Collected Data | 12 |
| T1562 | Impair Defenses | 194 |
| T1562.001 | Disable or Modify Tools | 311 |
| T1562.004 | Disable or Modify System Firewall | 48 |
| T1567 | Exfiltration Over Web Service | 45 |
| T1569.002 | Service Execution | 64 |
| T1570 | Lateral Tool Transfer | 22 |
| T1608.001 | Upload Malware | 3 |
| T1614.001 | System Language Discovery | 2 |
| T1685 | Disable or Modify Tools | 278 |
| T1686 | Disable or Modify System Firewall | 19 |