BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

    Date: 08/29/2024

    Severity: Critical

    Summary

The BlackByte ransomware group continues to rely on its core tradecraft: loading vulnerable drivers (bring-your-own-vulnerable-driver) to disable security tooling and deploying a self-propagating ransomware payload. In the activity described here, Talos IR observed two departures from that pattern: exploitation of CVE-2024-37085, an authentication bypass in VMware ESXi's Active Directory integration, and use of the victim's own authorized remote access channels rather than commercial remote administration tools such as AnyDesk.

    Indicators of Compromise (IOC) List

    Hash

    543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
    
    0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
    
    01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
    
    31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash

    sha256hash IN ("543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91","0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5","01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd","31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427")
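The same hash match expressed as code, as an added example that is not part of the Gurucul advisory or the Talos report: it runs the equivalent of the TDIR query above over raw JSON-lines telemetry and also checks a file on disk against the IOC set. The sample events and the field names `host`, `image` and `sha256` are constructed for the example; adapt them to your own schema. Hash values are normalized before comparison because many sensors emit uppercase digests or stray whitespace, which a literal `IN (...)` match would miss.

```python
import hashlib
import json

# SHA-256 indicators listed in this advisory.
BLACKBYTE_SHA256 = frozenset({
    "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91",
    "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5",
    "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd",
    "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427",
})

# Constructed sample process-creation telemetry (JSON lines), not real data.
# Field names (host, image, sha256) are assumptions for this example.
SAMPLE_EVENTS = """\
{"host": "host-a", "image": "C:\\\\Windows\\\\Temp\\\\svc.exe", "sha256": "543991CA8D1C65113DFF039B85AE3F9A87F503DAEC30F46929FD454BC57E5A91"}
{"host": "host-b", "image": "C:\\\\Windows\\\\System32\\\\notepad.exe", "sha256": "f9a8d16dc1c7bbd1c1f3a7f5e0e3f0e8b9a1d2c3e4f5a6b7c8d9e0f1a2b3c4d5"}
{"host": "host-c", "image": "C:\\\\ProgramData\\\\update.exe", "sha256": " 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd "}
{"host": "host-d", "image": "C:\\\\Users\\\\Public\\\\a.exe"}
this line is not JSON and must not abort the scan
"""


def normalize_sha256(value):
    """Return a lowercase 64-character hex digest, or None if unusable."""
    if not isinstance(value, str):
        return None
    digest = value.strip().lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        return None
    return digest


def match_events(lines, iocs=BLACKBYTE_SHA256):
    """Run the IOC hash match over JSON-lines telemetry.

    Returns one hit per event whose sha256 field is in the IOC set.
    Malformed lines and events without a hash are skipped, not fatal.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        digest = normalize_sha256(event.get("sha256"))
        if digest in iocs:
            hits.append({
                "line": lineno,
                "host": event.get("host"),
                "image": event.get("image"),
                "sha256": digest,
            })
    return hits


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def is_ioc_file(path, iocs=BLACKBYTE_SHA256):
    """True if the file's SHA-256 is one of the advisory's indicators."""
    return sha256_file(path) in iocs


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS.splitlines()):
        print(f"IOC hit on {hit['host']}: {hit['image']} ({hit['sha256']})")
```

Hash IOCs are brittle: a recompiled or repacked sample changes the digest, so treat a hit as high-confidence and a miss as no information. Pair the hash match with behavioural detections for the tradecraft in the summary (vulnerable driver loads, lateral self-propagation, unexpected logons through the organization's own remote access paths).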

    Reference:

    https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/


    Tags

    Malware, Ransomware, Exploitation
