{
  "name": "BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks",
  "slug": "blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks",
  "description": "The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and employs Active Directory credentials for self-propagation. The group appears more active than its data leak site suggests, rapidly adapting its techniques.",
  "published": "2024-08-28T12:04:18+00:00",
  "created_at": "2024-08-28T12:04:18+00:00",
  "modified_at": "2024-08-28T12:35:41+00:00",
  "created_at_opencti": "2024-08-28T12:04:18+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-08-28",
    "CVE-2024-37085",
    "authentication",
    "blackbytent",
    "byovd",
    "exbyte",
    "ransomware",
    "worm"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427"
      },
      {
        "id": "",
        "name": "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5"
      },
      {
        "id": "",
        "name": "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd"
      },
      {
        "id": "",
        "name": "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91"
      }
    ],
    "malware": [
      {
        "id": "4f8ca926-4d02-415a-b24e-59b1e7877093",
        "name": "ExByte",
        "slug": "exbyte"
      },
      {
        "id": "169686df-0160-446c-b649-7c1203120396",
        "name": "BlackByteNT",
        "slug": "blackbytent"
      }
    ],
    "intrusion_sets": [
      {
        "id": "c0570a27-7fdb-4f0a-b1fb-b17774453240",
        "name": "BlackByte",
        "slug": "blackbyte"
      }
    ],
    "attack_patterns": [
      {
        "id": "566a4023-1f45-4988-a451-e1564d7dfef4",
        "name": "T1136.002"
      },
      {
        "id": "5d2af906-6187-4702-ab9f-590fbe5b1ca3",
        "name": "T1021.002"
      },
      {
        "id": "a1c59366-9e3a-46a3-aa83-863bebc8b3e1",
        "name": "T1484"
      },
      {
        "id": "985513c3-6e7b-441f-87f7-7923e1758e9c",
        "name": "T1078.002"
      },
      {
        "id": "1eef7f88-3992-4add-899e-a7cc9fcdd5b3",
        "name": "T1569.002"
      },
      {
        "id": "195d9773-4de3-4f61-b94d-a2b53cb65608",
        "name": "T1021.001"
      },
      {
        "id": "4abf44e7-0c8c-48fc-9cc5-12fc33f919b6",
        "name": "T1211"
      },
      {
        "id": "8322caa8-0bb7-4258-810d-d2341cccf818",
        "name": "T1078.003"
      },
      {
        "id": "c16977d5-6367-4c7d-91a8-fd1c57bec164",
        "name": "T1484.001"
      },
      {
        "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1",
        "name": "T1608"
      },
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "24fce7f6-f946-4b89-afde-c02b62734093",
        "name": "T1529"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "41ad5d62-aa6a-47d6-a9a9-fb2209601099",
        "name": "T1098"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Technical Services"
      },
      {
        "id": "",
        "name": "Professional Services"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/",
    "https://otx.alienvault.com/pulse/66cf2e62cb7d2e0443ae0940"
  ]
}