SYMBOLCOMMON_NAMEaka. SYNONYMS
win.lockbit (Back to overview)

LockBit

aka: ABCD Ransomware
VTCollection    

There is no description at this point.

References
2024-02-20National Crime AgencyNational Crime Agency (NCA)
International investigation disrupts the world’s most harmful cyber crime group
LockBit LockBit LockBit
2024-02-20EuropolEuropol
Law enforcement disrupt world’s biggest ransomware operation
LockBit LockBit LockBit
2024-02-20Washington PostLeo Sands
‘World’s most harmful’ cybercriminal group disrupted in 11-nation operation
LockBit LockBit LockBit
2024-02-08ANALYST1Anastasia Sentsova, Jon DiMaggio
“This Forum is a Bunch of Communists and They Set Me Up”, LockBit Spills the Tea Regarding Their Recent Ban on Russian-Speaking Forums
LockBit
2023-12-22PRODAFTPRODAFT
Smoke and Mirrors: Understanding The Workings of Wazawaka
Conti Monti Babuk Hive LockBit RagnarLocker Trigona
2023-12-20Sophos X-OpsMark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit
2023-10-03Luca Mella
Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
LockBit LockBit Conti LockBit
2023-09-07PRODAFTPRODAFT
PTI-257 (ex-Wizard Spider) - IOCs
LockBit LockBit
2023-07-26TalosNicole Hoffman
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-06-22Kaspersky LabsGReAT
LockBit Green and phishing that targets organizations
LockBit LockBit
2023-06-17Github (EmissarySpider)EmissarySpider
ransomware-descendants
Babuk Conti LockBit
2023-06-14CISAANSSI, Australian Cyber Security Centre (ACSC), Bundesamt für Sicherheit in der Informationstechnik (BSI), Canadian Centre for Cyber Security (CCCS), CERT NZ, FBI, MS-ISAC, NCSC UK, New Zealand National Cyber Security Centre (NZ NCSC)
Understanding Ransomware Threat Actors: Lockbit
LockBit
2023-05-23loginsoftSaharsh Agrawal
Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350
Clop LockBit Silence
2023-05-16KrebsOnSecurityBrian Krebs
Russian Hacker “Wazawaka” Indicted for Ransomware
Babuk Hive LockBit LockBit Babuk Hive LockBit
2023-04-19Bleeping ComputerBill Toulas
March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-14GLIMPSGLIMPS
Lockbit changes color
LockBit
2023-03-30United States District Court (Eastern District of New York)Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-02-28FortinetEliran Voronovitch
Can You See It Now? An Emerging LockBit Campaign
LockBit
2023-02-01Security AffairsPierluigi Paganini
New LockBit Green ransomware variant borrows code from Conti ransomware
Conti LockBit
2023-02-01SeqriteSathwik Ram Prakki
Uncovering LockBit Black’s Attack Chain and Anti-forensic activity
LockBit
2023-01-16ANALYST1Jon DiMaggio
Unlocking Lockbit: A Ransomware Story
LockBit LockBit
2022-11-30SophosAndrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit
2022-11-08AhnLabASEC
LockBit 3.0 Being Distributed via Amadey Bot
Amadey Gandcrab LockBit
2022-10-18LogpointAnish Bogati, Nilaa Maharjan
Hunting Lockbit Variation
LockBit
2022-10-15vmwareDana Behling
LockBit 3.0 Ransomware Unlocked
LockBit
2022-10-11AhnLabASEC Analysis Team
From Exchange Server vulnerability to ransomware infection in just 7 days
LockBit MimiKatz
2022-09-22Cyber GeeksVlad Pasca
A Technical Analysis Of The Leaked LOCKBIT 3.0 Builder
LockBit
2022-09-22Medium s2wlabJeong Hyunsik, Yang HuiSeong
Quick Overview of Leaked LockBit 3.0 (Black) builder program
LockBit
2022-08-28BleepingComputerIonut Ilascu
LockBit ransomware gang gets aggressive with triple-extortion tactic
LockBit
2022-08-19nccgroupRoss Inman
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
FAKEUPDATES Cobalt Strike LockBit
2022-08-11SecurityScorecardRobert Ames
The Increase in Ransomware Attacks on Local Governments
BlackCat BlackCat Cobalt Strike LockBit
2022-08-10Quick HealSathwik Ram Prakki
Indian Power Sector targeted with latest LockBit 3.0 variant
LockBit
2022-08-04YouTube (Arda Büyükkaya)Arda Büyükkaya
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-28SentinelOneJames Haughom, Julien Reisdorffer, Júlio Dantas
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-25Trend MicroByron Gelera, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Gregory Ragasa, Nathaniel Morales
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit
2022-07-21Sentinel LABSAleksandar Milenkoski, Jim Walter
LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
LockBit
2022-07-20SymantecLahu Khatal, Vishal Kamble
LockBit: Ransomware Puts Servers in the Crosshairs
LockBit
2022-07-18FortinetFortiGuard Labs
Ransomware Roundup: Protecting Against New Variants
LockBit LockBit
2022-07-13GLIMPSGLIMPS
Lockbit 3.0
BlackMatter DarkSide LockBit
2022-07-10Minerva LabsNatalie Zargarov
Lockbit 3.0 AKA Lockbit Black is here, with a new icon, new ransom note, new wallpaper, but less evasiveness?
LockBit
2022-07-07CybereasonCybereason Global SOC Team
THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom
LockBit
2022-07-06Cluster25Cluster25
LockBit 3.0: “Making The Ransomware Great Again”
LockBit
2022-07-05cybleCyble Research Labs
Lockbit 3.0 – Ransomware Group Launches New Version
LockBit
2022-06-24AhnLabASEC
LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
LockBit
2022-06-23KasperskyDanila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)
BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker
2022-06-23KasperskyDanila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok
2022-06-09Palo Alto Networks Unit 42Abigail Barr, Amer Elsad, JR Gumarin
LockBit 2.0: How This RaaS Operates and How to Protect Against It
LockBit
2022-06-02MandiantMandiant Intelligence
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-06-02Packtpacktsecurity
A SecPro Super Issue: Understanding LockBit
LockBit LockBit BITWISE SPIDER
2022-05-23Trend MicroMatsugaya Shingo
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022
BlackCat Conti LockBit
2022-05-23Trend MicroTrend Micro Research
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF)
BlackCat Conti LockBit
2022-05-11KasperskyGReAT
New ransomware trends in 2022
BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09Microsoft SecurityMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-06LeMagITValéry Rieß-Marchive
Ransomware: LockBit 3.0 Starts Using in Cyberattacks
LockBit
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-05-05Intel 471Intel 471
Cybercrime loves company: Conti cooperated with other ransomware gangs
LockBit Maze RagnarLocker Ryuk
2022-04-27Sentinel LABSJames Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-27Sentinel LABSJames Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT
2022-04-12ConnectWiseConnectWise CRU
Threat Profile: LockBit
LockBit
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-04-06SOCRadarSOCRadar
Lockbit 3.0: Another Upgrade to World’s Most Active Ransomware
LockBit LockBit BITWISE SPIDER
2022-04-05Trend MicroAbdelrhman Sharshar, Earle Maui Earnshaw, Ian Kenefick, Lucas Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload (IoCs)
FAKEUPDATES Blister LockBit
2022-04-05Trend MicroAbdelrhman Sharshar, Earle Maui Earnshaw, Ian Kenefick, Lucas Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
FAKEUPDATES Blister LockBit
2022-04-05Trend MicroAbdelrhman Sharshar, Earle Earnshaw, Ian Kenefick, Lucas Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Blister LockBit
2022-04-01Bleeping ComputerLawrence Abrams
The Week in Ransomware - April 1st 2022 - 'I can fight with a keyboard'
Hive Dharma LockBit STOP SunCrypt
2022-03-31Bleeping ComputerBill Toulas
LockBit victim estimates cost of ransomware attack to be $42 million
LockBit LockBit
2022-03-31TrellixJambul Tologonov, John Fokker
Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot
2022-03-23splunkShannon Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-19Chuongdong blogChuong Dong
LockBit Ransomware v2.0
LockBit
2022-03-17SophosTilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-11Bleeping ComputerIonut Ilascu
LockBit ransomware gang claims attack on Bridgestone Americas
LockBit
2022-03-11MicrosoftMicrosoft Detection and Response Team (DART)
Part 1: LockBit 2.0 ransomware bugs and database recovery attempts
LockBit
2022-03-11MicrosoftMicrosoft Detection and Response Team (DART)
Part 2: LockBit 2.0 ransomware bugs and database recovery attempts
LockBit
2022-02-27The RecordCatalin Cimpanu
Conti ransomware gang chats leaked by pro-Ukraine member
Conti LockBit
2022-02-23splunkShannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-02-14DR.DKAllan Nisgaard, Ingeborg Munk Toft, Kenrik Moltke, Marcel Mirzaei-Fard
Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb
LockBit
2022-02-14LIFARSVlad Pasca
A Detailed Analysis of The LockBit Ransomware
LockBit LockBit
2022-02-09DragosAnna Skelton
Dragos ICS/OT Ransomware Analysis: Q4 2021
LockBit Conti LockBit
2022-02-08Trend MicroTrend Micro Research
Ransomware Spotlight: LockBit
LockBit BITWISE SPIDER
2022-02-08Intel 471Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-07FBIFBI
CU-000162-MW: Indicators of Compromise Associated with LockBit 2.0 Ransomware
LockBit LockBit
2022-01-27CoveWare
Ransomware as a Service Innovation Curve
Conti LockBit
2022-01-26IntrinsecIntrinsec
ALPHV ransomware gang analysis
BlackCat LockBit
2022-01-24Trend MicroJunestherry Dela Cruz
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit
2022-01-21CrowdStrikeFalcon OverWatch Team
Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges
LockBit LockBit BITWISE SPIDER
2021-12-16CybereasonAleksandar Milenkoski, Kotaro Ogino
Inside the LockBit Arsenal - The StealBit Exfiltration Tool
LockBit StealBit
2021-11-23MorphisecArnold Osipov, Hido Cohen
Babadeda Crypter targeting crypto, NFT, and DeFi communities
Babadeda BitRAT LockBit Remcos
2021-11-18Red CanaryThe Red Canary Team
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-18CiscoJosh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX
2021-11-17CrowdStrikeLiviu Arsene, Sarang Sonawane, Thomas Moses
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
LockBit
2021-11-03Bleeping ComputerLawrence Abrams
BlackMatter ransomware moves victims to LockBit after shutdown
BlackMatter BlackMatter LockBit
2021-10-27MBSDMBSD
ランサムウェア「LockBit2.0」の内部構造を紐
LockBit
2021-10-15skyblue.team blogskyblue team
Recovering registry hives encrypted by LockBit 2.0
LockBit
2021-10-12CrowdStrikeCrowdStrike Intelligence Team
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil
2021-10-05Seguranca InformaticaPedro Tavares
Malware analysis: Details on LockBit ransomware
LockBit
2021-09-24YoroiLuca Mella, Luigi Martire
Hunting the LockBit Gang's Exfiltration Infrastructures
LockBit StealBit
2021-09-09IBMMegan Roddie
LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
LockBit
2021-08-26Advanced IntelligenceAnastasia Sentsova
From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions
LockBit
2021-08-24Palo Alto Networks Unit 42Doel Santos, Ruchna Nigam
Ransomware Groups to Watch: Emerging Threats
HelloKitty AvosLocker HelloKitty Hive LockBit
2021-08-24KELAKELA Cyber Intelligence Center
LockBit 2.0 Interview with Russian OSINT
LockBit
2021-08-17Amged Wagih
LockBit Ransomware - Technical Anlysis
LockBit
2021-08-17Medium amgedwagehAmged Wageh
LockBit Ransomware Analysis Notes
LockBit
2021-08-16Trend MicroByron Gelera, Cris Tomboc, Jayson Chong, Jett Paulo Bernardo, Mark Marti, Nikki Madayag, Sean Torre
LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
LockBit
2021-08-16cybleCyble
A Deep-dive Analysis of LOCKBIT 2.0
LockBit
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-08-12NetskopeGustavo Palazolo
Netskope Threat Coverage: LockBit
LockBit
2021-08-11CybereasonTony Bradley
The Rising Threat from LockBit Ransomware
LockBit
2021-08-06The RecordCatalin Cimpanu
Australian cybersecurity agency warns of spike in LockBit ransomware attacks
LockBit
2021-08-04Bleeping ComputerSergiu Gatlan
Energy group ERG reports minor disruptions after ransomware attack
LockBit
2021-08-04Bleeping ComputerLawrence Abrams
LockBit ransomware recruiting insiders to breach corporate networks
LockBit
2021-08-03Bleeping ComputerLawrence Abrams
Ransomware attack hits Italy's Lazio region, affects COVID-19 site
LockBit RansomEXX
2021-08-02The RecordDmitry Smilyanets
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil
DarkSide LockBit REvil
2021-07-27Bleeping ComputerLawrence Abrams
LockBit ransomware now encrypts Windows domains using group policies
Egregor LockBit
2021-07-27Recorded FutureInsikt Group®
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
DarkSide LockBit REvil
2021-07-22S2W LAB Inc.Denise Dasom Kim, Jungyeon Lim, Sujin Lim, Yeonghyeon Jeong
W4 July | EN | Story of the week: Ransomware on the Darkweb
LockBit SunCrypt
2021-06-18PRODAFT Threat IntelligencePRODAFT
LockBit RaaS In-Depth Analysis
LockBit
2021-05-13Bleeping ComputerLawrence Abrams
Popular Russian hacking forum XSS bans all ransomware topics
DarkSide DarkSide LockBit REvil
2021-05-10DarkTracerDarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
2021-05-06Cyborg SecurityBrandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX
2021-04-28Bleeping ComputerLawrence Abrams
UK rail network Merseyrail likely hit by Lockbit ransomware
LockBit
2021-04-26CoveWareCoveWare
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia - Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER
2021-03-17The RecordCatalin Cimpanu
Missed opportunity: Bug in LockBit ransomware allowed free decryptions
LockBit
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-01-26Medium s2wlabHyunmin Suh
W4 Jan | EN | Story of the week: Ransomware on the Darkweb
Avaddon Babuk LockBit
2021-01-04Cisco TalosAzim Khodjibaev, Dmytro Korzhevin, Kendall McKay
Interview with a LockBit ransomware operator
LockBit
2020-12-05ZDNetCatalin Cimpanu
Ransomware hits helicopter maker Kopter
LockBit
2020-11-18KELAVictoria Kivilevich
Zooming into Darknet Threats Targeting Japanese Organizations
Conti DoppelPaymer Egregor LockBit Maze REvil Snake
2020-10-21SophosLabs UncutSean Gallagher
LockBit uses automated attack tools to identify tasty targets
LockBit
2020-10-02LexfoLexfo
Lockbit analysis
LockBit
2020-09-25CrowdStrikeThe Crowdstrike Intel Team
Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER
2020-09-24CrowdStrikeCrowdStrike Intelligence Team
Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER OVERLORD SPIDER
2020-09-17CRYPSISDrew Schmitt
Ransomware’s New Trend: Exfiltration and Extortion
LockBit
2020-09-01Cisco TalosCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends in Summer 2020
Cobalt Strike LockBit Mailto Maze Ryuk
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-04-28MicrosoftMicrosoft Threat Protection Intelligence Team
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
LockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood
2020-04-24Github (albertzsigovits)Albert Zsigovits
LockBit ransomware IoCs
LockBit
2020-04-24Sophos LabsAlbert Zsigovits
LockBit ransomware borrows tricks to keep up with REvil and Maze
LockBit
Yara Rules
[TLP:WHITE] win_lockbit_auto (20230808 | Detects win.lockbit.)
rule win_lockbit_auto {

    meta:
        author = "Felix Bilstein - yara-signator at cocacoding dot com"
        date = "2023-12-06"
        version = "1"
        description = "Detects win.lockbit."
        info = "autogenerated rule brought to you by yara-signator"
        tool = "yara-signator v0.6.0"
        signator_config = "callsandjumps;datarefs;binvalue"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit"
        malpedia_rule_date = "20231130"
        malpedia_hash = "fc8a0e9f343f6d6ded9e7df1a64dac0cc68d7351"
        malpedia_version = "20230808"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    /* DISCLAIMER
     * The strings used in this rule have been automatically selected from the
     * disassembly of memory dumps and unpacked files, using YARA-Signator.
     * The code and documentation is published here:
     * https://github.com/fxb-cocacoding/yara-signator
     * As Malpedia is used as data source, please note that for a given
     * number of families, only single samples are documented.
     * This likely impacts the degree of generalization these rules will offer.
     * Take the described generation method also into consideration when you
     * apply the rules in your use cases and assign them confidence levels.
     */


    strings:
        $sequence_0 = { 0f28c8 660f73f904 660fefc8 0f28c1 660f73f804 }
            // n = 5, score = 300
            //   0f28c8               | movaps              xmm1, xmm0
            //   660f73f904           | pslldq              xmm1, 4
            //   660fefc8             | pxor                xmm1, xmm0
            //   0f28c1               | movaps              xmm0, xmm1
            //   660f73f804           | pslldq              xmm0, 4

        $sequence_1 = { 50 e8???????? 8d858cfeffff 50 8d45c0 50 8d45a0 }
            // n = 7, score = 300
            //   50                   | push                eax
            //   e8????????           |                     
            //   8d858cfeffff         | lea                 eax, [ebp - 0x174]
            //   50                   | push                eax
            //   8d45c0               | lea                 eax, [ebp - 0x40]
            //   50                   | push                eax
            //   8d45a0               | lea                 eax, [ebp - 0x60]

        $sequence_2 = { fec1 47 4e 85f6 75d2 5d }
            // n = 6, score = 300
            //   fec1                 | inc                 cl
            //   47                   | inc                 edi
            //   4e                   | dec                 esi
            //   85f6                 | test                esi, esi
            //   75d2                 | jne                 0xffffffd4
            //   5d                   | pop                 ebp

        $sequence_3 = { 56 57 8d9d84fcffff b900c2eb0b e2fe e8???????? 53 }
            // n = 7, score = 300
            //   56                   | push                esi
            //   57                   | push                edi
            //   8d9d84fcffff         | lea                 ebx, [ebp - 0x37c]
            //   b900c2eb0b           | mov                 ecx, 0xbebc200
            //   e2fe                 | loop                0
            //   e8????????           |                     
            //   53                   | push                ebx

        $sequence_4 = { 6683f866 7706 6683e857 eb17 6683f830 720c 6683f839 }
            // n = 7, score = 300
            //   6683f866             | cmp                 ax, 0x66
            //   7706                 | ja                  8
            //   6683e857             | sub                 ax, 0x57
            //   eb17                 | jmp                 0x19
            //   6683f830             | cmp                 ax, 0x30
            //   720c                 | jb                  0xe
            //   6683f839             | cmp                 ax, 0x39

        $sequence_5 = { 33db 55 8b6d10 8bc1 }
            // n = 4, score = 300
            //   33db                 | xor                 ebx, ebx
            //   55                   | push                ebp
            //   8b6d10               | mov                 ebp, dword ptr [ebp + 0x10]
            //   8bc1                 | mov                 eax, ecx

        $sequence_6 = { 8d8550fdffff 50 6a00 ff15???????? }
            // n = 4, score = 300
            //   8d8550fdffff         | lea                 eax, [ebp - 0x2b0]
            //   50                   | push                eax
            //   6a00                 | push                0
            //   ff15????????         |                     

        $sequence_7 = { 33c0 8d7df0 33c9 53 0fa2 }
            // n = 5, score = 300
            //   33c0                 | xor                 eax, eax
            //   8d7df0               | lea                 edi, [ebp - 0x10]
            //   33c9                 | xor                 ecx, ecx
            //   53                   | push                ebx
            //   0fa2                 | cpuid               

        $sequence_8 = { f745f800000002 740c 5f 5e }
            // n = 4, score = 300
            //   f745f800000002       | test                dword ptr [ebp - 8], 0x2000000
            //   740c                 | je                  0xe
            //   5f                   | pop                 edi
            //   5e                   | pop                 esi

        $sequence_9 = { 02d3 8a5c1500 8a541d00 8a541500 fec2 8a441500 }
            // n = 6, score = 300
            //   02d3                 | add                 dl, bl
            //   8a5c1500             | mov                 bl, byte ptr [ebp + edx]
            //   8a541d00             | mov                 dl, byte ptr [ebp + ebx]
            //   8a541500             | mov                 dl, byte ptr [ebp + edx]
            //   fec2                 | inc                 dl
            //   8a441500             | mov                 al, byte ptr [ebp + edx]

        $sequence_10 = { 33d0 8bc1 c1e810 0fb6c0 c1e208 }
            // n = 5, score = 300
            //   33d0                 | xor                 edx, eax
            //   8bc1                 | mov                 eax, ecx
            //   c1e810               | shr                 eax, 0x10
            //   0fb6c0               | movzx               eax, al
            //   c1e208               | shl                 edx, 8

        $sequence_11 = { 53 56 57 33c0 8b5d14 33c9 33d2 }
            // n = 7, score = 300
            //   53                   | push                ebx
            //   56                   | push                esi
            //   57                   | push                edi
            //   33c0                 | xor                 eax, eax
            //   8b5d14               | mov                 ebx, dword ptr [ebp + 0x14]
            //   33c9                 | xor                 ecx, ecx
            //   33d2                 | xor                 edx, edx

        $sequence_12 = { 8d45f8 50 8d45fc 50 ff75fc ff75f4 }
            // n = 6, score = 300
            //   8d45f8               | lea                 eax, [ebp - 8]
            //   50                   | push                eax
            //   8d45fc               | lea                 eax, [ebp - 4]
            //   50                   | push                eax
            //   ff75fc               | push                dword ptr [ebp - 4]
            //   ff75f4               | push                dword ptr [ebp - 0xc]

        $sequence_13 = { e9???????? 6683f841 720c 6683f846 7706 6683e837 }
            // n = 6, score = 300
            //   e9????????           |                     
            //   6683f841             | cmp                 ax, 0x41
            //   720c                 | jb                  0xe
            //   6683f846             | cmp                 ax, 0x46
            //   7706                 | ja                  8
            //   6683e837             | sub                 ax, 0x37

        $sequence_14 = { 6a00 6a00 6800000040 ff75d4 }
            // n = 4, score = 300
            //   6a00                 | push                0
            //   6a00                 | push                0
            //   6800000040           | push                0x40000000
            //   ff75d4               | push                dword ptr [ebp - 0x2c]

        $sequence_15 = { 5b 8907 897704 894f08 89570c f745f800000002 740c }
            // n = 7, score = 300
            //   5b                   | pop                 ebx
            //   8907                 | mov                 dword ptr [edi], eax
            //   897704               | mov                 dword ptr [edi + 4], esi
            //   894f08               | mov                 dword ptr [edi + 8], ecx
            //   89570c               | mov                 dword ptr [edi + 0xc], edx
            //   f745f800000002       | test                dword ptr [ebp - 8], 0x2000000
            //   740c                 | je                  0xe

        $sequence_16 = { 214493fc 8b5df8 8bc3 43 }
            // n = 4, score = 200
            //   214493fc             | and                 dword ptr [ebx + edx*4 - 4], eax
            //   8b5df8               | mov                 ebx, dword ptr [ebp - 8]
            //   8bc3                 | mov                 eax, ebx
            //   43                   | inc                 ebx

        $sequence_17 = { 7407 8bce e8???????? 837b0402 }
            // n = 4, score = 200
            //   7407                 | je                  9
            //   8bce                 | mov                 ecx, esi
            //   e8????????           |                     
            //   837b0402             | cmp                 dword ptr [ebx + 4], 2

        $sequence_18 = { 7414 663901 740f 0f1f440000 }
            // n = 4, score = 200
            //   7414                 | je                  0x16
            //   663901               | cmp                 word ptr [ecx], ax
            //   740f                 | je                  0x11
            //   0f1f440000           | nop                 dword ptr [eax + eax]

        $sequence_19 = { 1bdb 83e30b 83c328 ff7518 8b7d08 8d049500000000 ff7514 }
            // n = 7, score = 200
            //   1bdb                 | sbb                 ebx, ebx
            //   83e30b               | and                 ebx, 0xb
            //   83c328               | add                 ebx, 0x28
            //   ff7518               | push                dword ptr [ebp + 0x18]
            //   8b7d08               | mov                 edi, dword ptr [ebp + 8]
            //   8d049500000000       | lea                 eax, [edx*4]
            //   ff7514               | push                dword ptr [ebp + 0x14]

    condition:
        7 of them and filesize < 2049024
}
Download all Yara Rules