Rule Library
Sigma Rules
2 rules found for "BlackByte"
3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threathightest
Potential BlackByte Ransomware Activity
Detects command line patterns used by BlackByte ransomware in different operations
WindowsProcess Creation
Florian Roth (Nextron Systems)Fri Feb 252021
Emerging Threathightest
Blackbyte Ransomware Registry
Detects specific windows registry modifications made by BlackByte ransomware variants. BlackByte set three different registry values to escalate privileges and begin setting the stage for lateral movement and encryption. This rule triggers when any of the following registry keys are set to DWORD 1, however all three should be investigated as part of a larger BlackByte ransomware detection and response effort.
WindowsRegistry Set
François HubautMon Jan 242021