Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
Tags
attack-pattern: Data Model Clear Windows Event Logs - T1070.001 Credentials - T1589.001 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vnc - T1021.005 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID a85d3d1a-56bb-40b5-9fbb-0eb9e88da4cc
Fingerprint 8574c059220eb60f
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 10, 2022, 11 a.m.
Added to db Feb. 18, 2023, 1:27 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
Title Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
Detected Hints/Tags/Attributes 69/1/17
Source URLs
Redirection Url
Details Source https://news.sophos.com/en-us/2022/08/10/lockbit-hive-and-blackcat-attack-automotive-supplier-in-triple-ransomware-attack/
URL Provider
Details Provider Source level domain
Details sophos.com news.sophos.com
Attributes
Details Type #Events CTI Value
Details File 5 
sharefinder.ps1
Details File 27 
invoke-mimikatz.ps1
Details File 61 
1.bat
Details File 16 
2.bat
Details File 1 
lockbit_af51c0a7004b80ea.exe
Details File 21 
locker.exe
Details File 38 
restore-my-files.txt
Details File 4 
windows_x32_encrypt.exe
Details File 18 
how_to_decrypt.txt
Details File 1 
fxxx.exe
Details File 1 
fxxxx.exe
Details File 1 
recover-eprzzxl-files.txt
Details File 345 
vssadmin.exe
Details File 2125 
cmd.exe
Details File 23 
'wevtutil.exe
Details File 95 
wevtutil.exe
Details Windows Registry Key 17 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters