TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
Domain | Timestamp |
---|---|
tinneatonenessnabobical.com | 2022-10-04 |
Tool: LockBit
Names: LockBit, ABCD Ransomware, LockBit Black
Description: (Kaspersky) LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations. As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally with some of the following threats: • Operations disruption with essential functions coming to a sudden halt. • Extortion for the hacker’s financial gain. • Data theft and illegal publication as blackmail if the victim does not comply.
Category: Malware
Type: Ransomware, Big Game Hunting, Reconnaissance, Remote command
Information: https://www.kaspersky.com/resource-center/threats/lockbit-ransomware
Information: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/
Information: https://arstechnica.com/information-technology/2020/05/lockbit-the-new-ransomware-for-hire-a-sad-and-cautionary-tale/
Information: https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/
Information: https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/
Information: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/
Information: https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf
Information: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/
Information: https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees
Information: https://www.bankinfosecurity.com/ransomware-lockbit-20-borrows-ryuk-egregors-tricks-a-17335
Information: https://www.cybereason.com/blog/cybereason-vs.-lockbit2.0-ransomware
Information: https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool
Information: https://www.ic3.gov/Media/News/2022/220204.pdf
Information: https://www.malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt
Information: https://unit42.paloaltonetworks.com/lockbit-2-ransomware/
Information: https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html
Information: https://www.csoonline.com/article/3665871/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html
Information: https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom
Information: https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html
Information: https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit
Information: https://asec.ahnlab.com/en/41450/
Information: https://www.tripwire.com/state-of-security/lockbit-ransomware-what-you-need-know
Information: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
Information: https://asec.ahnlab.com/en/47739/
Information: https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign
Information: https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html
Information: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
Information: https://securelist.com/crimeware-report-lockbit-switchsymb/110068/
Information: https://www.fortinet.com/blog/threat-research/lockbit-most-prevalent-ransomware
Information: https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit
Alienvault-otx: https://otx.alienvault.com/browse/pulses?q=tag:lockbit
Playbook: https://pan-unit42.github.io/playbook_viewer/?pb=lockbit20-ransomware
Last-card-change: 2023-09-06
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi