BlackByte

Techniques (MITRE ATT&CK)48

SourceMITRE ATT&CK

Also known as:Hecamede

Vexday analysis

BlackByte (também identificado como Hecamede, G1043 no MITRE ATT&CK) é um agente de ameaça de ransomware ativo desde pelo menos 2021, associado a múltiplas versões do malware homônimo. As versões iniciais do ransomware utilizavam uma chave de criptografia comum, o que permitiu o desenvolvimento de um decryptor universal; versões posteriores, como o BlackByte 2.0, adotaram mecanismos de criptografia mais robustos. O grupo é notável por operações direcionadas a entidades de infraestrutura crítica, entre outros alvos na América do Norte, e possui 48 técnicas documentadas no MITRE ATT&CK, 3 CVEs atribuídas e 4 vítimas conhecidas no Brasil.

Techniques (MITRE ATT&CK) 48

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Virtual Private Server Upload Malware

Initial access

Exploit Public-Facing Application

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Service Execution

Persistence

Domain Account Web Shell Windows Service Registry Run Keys / Startup Folder

Privilege escalation

Exploitation for Privilege Escalation

Credential access

OS Credential Dumping

Discovery

Query Registry System Network Configuration Discovery Remote System Discovery Network Service Discovery System Information Discovery Domain Account Network Share Discovery Domain Trust Discovery Security Software Discovery System Language Discovery

Lateral movement

Remote Desktop Protocol SMB/Windows Admin Shares Lateral Tool Transfer

Collection

Archive Collected Data

Command and control

Web Protocols Ingress Tool Transfer Remote Access Tools

Exfiltration

Exfiltration Over C2 Channel Exfiltration Over Web Service

Impact

Data Encrypted for Impact Inhibit System Recovery Internal Defacement

defense-impairment

Modify Registry Disable or Modify Tools Disable or Modify System Firewall

stealth

Masquerade File Type Process Injection Process Hollowing File Deletion Valid Accounts Domain Accounts Make and Impersonate Token Deobfuscate/Decode Files or Information Execution Guardrails

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2024-37085MEDIUMEPSS 27%KEV CVE-2016-6662EPSS 68%

BlackByte uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →