SYMBOLCOMMON_NAMEaka. SYNONYMS
win.blackbyte (Back to overview)

BlackByte

Ransomware. Uses dropper written in JavaScript to deploy a .NET payload.

References
2021-11-30Red CanaryHarrison van Riper
@online{riper:20211130:proxyshell:060517d, author = {Harrison van Riper}, title = {{ProxyShell exploitation leads to BlackByte ransomware}}, date = {2021-11-30}, organization = {Red Canary}, url = {https://redcanary.com/blog/blackbyte-ransomware/}, language = {English}, urldate = {2021-12-06} } ProxyShell exploitation leads to BlackByte ransomware
BlackByte
2021-11-04Deep instinctShaul Vilkomir-Preisman
@online{vilkomirpreisman:20211104:understanding:c22abf4, author = {Shaul Vilkomir-Preisman}, title = {{Understanding the Windows JavaScript Threat Landscape}}, date = {2021-11-04}, organization = {Deep instinct}, url = {https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape}, language = {English}, urldate = {2021-11-19} } Understanding the Windows JavaScript Threat Landscape
STRRAT Griffon BlackByte Houdini Vjw0rm

There is no Yara-Signature yet.