← Back to Actors
BlackByte
BlackByteHecamede
[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used a common encryption key allowing for the development of a universal decryptor, but subsequent versions such as [BlackByte 2.0 Ransomware](https://attack.mitre.org/software/S1181) use more robust encryption mechanisms. [Bla...
51
Techniques
50
Covered
1
Gaps
98%
Coverage
Coverage50/51
GAPS (1)
COVERED (50)
T1003OS Credential Dumping113 det.T1012Query Registry25 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.002SMB/Windows Admin Shares74 det.T1036.008Masquerade File Type5 det.T1041Exfiltration Over C2 Channel32 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation88 det.T1053.005Scheduled Task100 det.T1055Process Injection81 det.T1055.012Process Hollowing9 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1068Exploitation for Privilege Escalation99 det.T1070.004File Deletion43 det.T1071.001Web Protocols81 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1082System Information Discovery86 det.T1087.002Domain Account57 det.T1105Ingress Tool Transfer184 det.T1112Modify Registry203 det.T1134.003Make and Impersonate Token5 det.T1135Network Share Discovery20 det.T1136.002Domain Account11 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1219Remote Access Tools42 det.T1480Execution Guardrails1 det.T1482Domain Trust Discovery41 det.T1486Data Encrypted for Impact374 det.T1490Inhibit System Recovery62 det.T1491.001Internal Defacement4 det.T1505.003Web Shell65 det.T1518.001Security Software Discovery10 det.T1543.003Windows Service79 det.T1547.001Registry Run Keys / Startup Folder53 det.T1560Archive Collected Data12 det.T1562Impair Defenses202 det.T1562.001Disable or Modify Tools316 det.T1562.004Disable or Modify System Firewall48 det.T1567Exfiltration Over Web Service46 det.T1569.002Service Execution64 det.T1570Lateral Tool Transfer23 det.T1608.001Upload Malware3 det.T1614.001System Language Discovery2 det.T1685Disable or Modify Tools279 det.T1686Disable or Modify System Firewall19 det.