{"id":43436,"date":"2021-10-15T16:37:19","date_gmt":"2021-10-15T16:37:19","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/-clumsy-blackbyte-malware-reuses-crypto-keys-worms-into-networks"},"modified":"2021-10-15T16:37:19","modified_gmt":"2021-10-15T16:37:19","slug":"clumsy-blackbyte-malware-reuses-crypto-keys-worms-into-networks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/clumsy-blackbyte-malware-reuses-crypto-keys-worms-into-networks\/","title":{"rendered":"&#8216;Clumsy&#8217; BlackByte Malware Reuses Crypto Keys, Worms Into Networks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf4a19ab15533363e\/6169adf8d3bef7432b487bbf\/keyboard-skulls.jpeg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A new family of ransomware&nbsp;dubbed BlackByte has all the hallmarks of a first-development attempt by amateur malware developers, making significant mistakes \u2014 such as obfuscating code in a way that is easily bypassed and using the same encryption key for every victim.<\/p>\n<p>The malware has some similarities to other ransomware linked to Russia, such as avoiding Russian-language systems in the same way as REvil and using network exploitation to spread inside networks in the same way as Ryuk, according to researchers at&nbsp;Trustwave, who published their analysis this week of the variant.<\/p>\n<p>The researchers, who&nbsp;encountered the malicious program when responding to a security incident, also found the program uses a symmetric encryption key that is downloaded from a public server. 
That&nbsp;allowed them to create a decryption utility to help victims recover their data.<\/p>\n<p>Those poor design choices suggest that the ransomware is not a variant of a previous ransomware family and that the developers are relatively inexperienced in designing ransomware, says Karl Sigler, senior security research manager at Trustwave.<\/p>\n<p>&#8220;It looks like they wrote this from scratch,&#8221; he says. &#8220;But it&#8217;s clumsy. It&#8217;s very clumsy.&#8221;<\/p>\n<p>Ransomware continues to be a popular cybercriminal enterprise in 2021. The number of ransomware attacks in the first half of the year rose 150% to almost 305 million, according to <a href=\"https:\/\/blog.sonicwall.com\/en-us\/2021\/07\/latest-cyber-threat-intelligence-shows-ransomware-skyrocketing\/\" target=\"_blank\" rel=\"noopener\">SonicWall&#8217;s &#8220;Cyber Threat Report: Mid-Year Update.&#8221;<\/a>&nbsp;While the volume of ransomware attacks falls well short of the 2.5 trillion intrusion attempts and the 2.5 billion malware attacks, it does represent the third largest category of security events in the SonicWall report. <\/p>\n<p>Government organizations are being particularly targeted, with 10 times more ransomware attacks hitting government networks than corporate networks. Ryuk, Cerber, and SamSam were the top three malware families, with 197 million \u2014 or almost two-thirds \u2014 of encountered ransomware belonging to one of those three families.<\/p>\n<p>&#8220;[E]ven if we don\u2019t record a single ransomware attempt in the entire second half, which is irrationally optimistic, 2021 will already go down as the worst year for ransomware SonicWall has ever recorded,&#8221; the company states in its report. 
<\/p>\n<p><strong>&#8216;Garbage Code&#8217;<br \/><\/strong>The growth in ransomware attacks may have convinced the developers behind BlackByte to create their own malware framework, Trustwave&#8217;s Sigler says.&nbsp;<\/p>\n<p>A BlackByte attack starts with an obfuscated launcher installed on a compromised system. The malware uses standard obfuscation techniques \u2014 basically stuffing the file with a lot of unused garbage code, changing variable names, and scrambling the code \u2014 in an attempt to make reverse engineering the program more difficult, <a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/blackbyte-ransomware-pt-1-in-depth-analysis\/\" target=\"_blank\" rel=\"noopener\">according to the company&#8217;s analysis<\/a>.&nbsp;<\/p>\n<p>Yet the Trustwave researchers found that uncovering the code was pretty straightforward, if time-consuming.<\/p>\n<p>The malware checks to see whether the infected system is running <a href=\"https:\/\/github.com\/Neo23x0\/Raccine\" target=\"_blank\" rel=\"noopener\">Raccine, an open source project that attempts to protect against ransomware<\/a>; if so, it stops the program and removes it from the system. BlackByte also uses a variety of system commands to delete any on-systems backups \u2014 also known as &#8220;shadow copies&#8221; \u2014 to ensure that data cannot be retrieved once encrypted.<\/p>\n<p>The self-propagation capability of the malware, which also makes the program a worm, will query 1,000 host names from the Active Directory, send a wake-on-LAN packet, and then attempt to infect any accessible machines. While rudimentary, the worm functionality could lead to significant spread within an enterprise, Sigler says.<\/p>\n<p>&#8220;It seems to be effective \u2014 there were several machines affected in the engagement we were involved in,&#8221; he says. 
&#8220;It can rapidly spread pretty rapidly.&#8221;<\/p>\n<p>While the malware will halt before compromising Russian-language systems, Sigler avoided linking the attack to Russia. <\/p>\n<p>&#8220;[That feature] seems to be a common earmark of Russia cybercriminals, but we have not directly attributed the attack,&#8221; he says. &#8220;It could be that other actors are copying that methodology.&#8221;<\/p>\n<p>The seemingly original code and the number of mistakes suggest that a new ransomware gang may be developing their own tools to infect systems rather than using new code created by one of the established groups, Sigler says.<\/p>\n<p>&#8220;We are just speculating because we don&#8217;t have any specific idea of who the actors are behind it,&#8221; he says. &#8220;Given how clumsy the code is on the ransomware, I don&#8217;t think it is coming from any of the experienced groups that we have seen in the past.&#8221;<\/p>\n<p>Research into the new malware appears to have spooked the group to some extent. The BlackByte group appears to be lying low, with the downloadable key no longer available. 
Thus, the program can no longer run its encryption function.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-43436","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43436"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43436\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}