ioc[.]one - OSINT Cyber Threat Intelligence Database

LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK

Tags

country:	Chile Italy Taiwan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Accessibility Features - T1546.008 Clear Windows Event Logs - T1070.001 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domains - T1583.001 Domains - T1584.001 Exfiltration Over C2 Channel - T1646 Hardware - T1592.001 Indicator Removal On Host - T1630 Inhibit System Recovery - T1490 Phishing - T1660 Phishing - T1566 Remote Desktop Protocol - T1021.001 Service Stop - T1489 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Accessibility Features - T1015 Exfiltration Over Command And Control Channel - T1041 Indicator Removal On Host - T1070 Remote Desktop Protocol - T1076 Valid Accounts - T1078 Indicator Removal On Host Service Stop Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	2bf1e678-52e2-4375-ad55-b7673ca785c6
Fingerprint	b6962831d360ee46
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 16, 2021, midnight
Added to db	Oct. 16, 2024, 1:50 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
Title	LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
Detected Hints/Tags/Attributes	93/3/55

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_sg/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	11	lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
Details	Domain	5	lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
Details	Domain	5	lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion
Details	File	2	delsvc.bat
Details	File	48	trojan.bat
Details	File	9	av.bat
Details	File	3	logdelete.bat
Details	File	2	pua.bat
Details	File	3	defoff.bat
Details	File	2	lockbit_7d68a5bfd028a31f.exe
Details	File	38	restore-my-files.txt
Details	File	3	ph.exe
Details	File	2	stealbit.exe
Details	File	41	sample.exe
Details	File	2	cryptnn.exe
Details	File	2	psdelsvc.bat
Details	File	11	pchunter64.exe
Details	sha256	6	0545f842ca2eb77bcac0fd17d6d0a8c607d7dbc8669709f3096e5c1828e1c049
Details	sha256	4	0906a0b27f59b6db2a2451a0e0aabf292818e32ddd5404d08bf49c601a466744
Details	sha256	2	255f8465962bedaf7a373da5f721aecbc1d6027ca2e4256c6c4352f2de179ca0
Details	sha256	2	8c0e4a6fd28f94fa17a96f6e424b122f5d1216b230a33c6dff5dbf6654d0721c
Details	sha256	2	a05ed65787b390ba33b04b4b99c3810cbaf684b37f8839e57db8316e6f01af31
Details	sha256	2	a26250b8d2431b497400c8a754285a6259a81a31ae629ee25331f6030b34e543
Details	sha256	2	b09a92dedbcb8d5faed6fcc2194ebaa24da601376b47e1edf705519a7860964e
Details	sha256	2	cb29c6fbd085407e0e8a58e7cd6512c8c5dfa06f88fdeeb9a66d025fdfc6dd32
Details	sha256	2	f03584ecdee29e63dee1b7bf2347f605d1e1d6379a8f55e9a85c6a329bf3967b
Details	sha256	3	3407f26b3d69f1dfce76782fee1256274cf92f744c65aa1ff2d3eaaaf61b0b1d
Details	sha256	4	4bb152c96ba9e25f293bbc03c607918a4452231087053a8cb1a8accb1acc92fd
Details	sha256	4	4edbf2358a9820e030136dc76126c20cc38159df0d8d7b13d30b1c9351e8b277
Details	sha256	5	bcbb1e388759eea5c1fbb4f35c29b6f66f3f4ca4c715bab35c8fc56dcf3fa621
Details	sha256	3	4db7eeed852946803c16373a085c1bb5f79b60d2122d6fc9a2703714cdd9dac0
Details	sha256	2	6876eef67648a3797987745617b9fdfb31a703b7809e7f12bb52c6386e185917
Details	sha256	4	717585e9605ac2a971b7c7537e6e311bab9db02ecc6451e0efada9b2ff38b474
Details	sha256	4	73406e0e7882addf0f810d3bc0e386fd5fd2dd441c895095f4125bb236ae7345
Details	sha256	2	7b5db447f6c29c939f5e0aae1b16431a132db5a2ab4420ba9818af2bf4496d21
Details	sha256	2	aae5e59d6424515c157f3c4a54e4feeb09759d028290ab0271f730e82f58f10f
Details	sha256	2	94e6b969c100483970fc3985bf2b173f2f24d796a079114f584f42484840be28
Details	sha256	2	a398c70a2b3bf8ae8b5ceddf53fcf6daa2b68af2fadb76a8ea6e33b8bbe06f65
Details	sha256	2	98e4c248377b5b62121c7b9ef20fc03df3473cbd886a059998f4210e8df07f15
Details	sha256	4	a7591e4a248c04547579f014c94d7d30aa16a01bb2a25b77df36e30a198df108
Details	sha256	5	acad2d9b291b5a9662aa1469f96995dc547a45e391af9c7fa24f5921b0128b2c
Details	sha256	4	b3faf5d8cbc3c75d4c3897851fdaf8d7a4bd774966b4c25e0e4617546109aed5
Details	sha256	5	d089d57b8b2b32ee9816338e96680127babc5d08a03150740a8459c29ab3ba78
Details	sha256	5	f32e9fb8b1ea73f0a71f3edaebb7f2b242e72d2a4826d6b2744ad3d830671202
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	MITRE ATT&CK Techniques	14	T1546.008
Details	MITRE ATT&CK Techniques	92	T1070.001
Details	MITRE ATT&CK Techniques	422	T1041
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	197	T1489
Details	MITRE ATT&CK Techniques	276	T1490
Details	Url	9	http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
Details	Url	4	http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
Details	Url	4	http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion