THREAT ANALYSIS: Assemble LockBit 3.0
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution; Obfuscated Files Or Information; Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Data Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Boot Or Logon Autostart Execution - T1547; Bypass User Account Control - T1548.002; Clear Windows Event Logs - T1070.001; Cmstp - T1218.003; Create Or Modify System Process - T1543; Data Destruction - T1662; Data Destruction - T1485; Debugger Evasion - T1622; Default Accounts - T1078.001; Domain Accounts - T1078.002; Hooking - T1617; Indicator Removal On Host - T1630; Inhibit System Recovery - T1490; Lsass Memory - T1003.001; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Native Api - T1575; Phishing - T1660; Phishing - T1566; Process Injection - T1631; Reflective Code Loading - T1620; Registry Run Keys / Startup Folder - T1547.001; Rundll32 - T1218.011; Service Stop - T1489; Smb/Windows Admin Shares - T1021.002; Software Packing - T1027.002; Software Packing - T1406.002; Windows Service - T1543.003; Tool - T1588.002; Vulnerabilities - T1588.006; Automated Collection - T1119; Bypass User Account Control - T1088; Cmstp - T1191; Credential Dumping - T1003; Execution Through Api - T1106; Hooking - T1179; Indicator Removal On Host - T1070; Obfuscated Files Or Information - T1027; Process Injection - T1055; Registry Run Keys / Start Folder - T1060; Rundll32 - T1085; Signed Binary Proxy Execution - T1218; Software Packing - T1045; Windows Management Instrumentation - T1047; Valid Accounts - T1078; Automated Collection; Data Destruction; Hooking; Indicator Removal On Host; Service Stop; Valid Accounts
Common Information
Type Value
UUID afd0b428-e6e1-4d47-b83b-271e5cf480a6
Fingerprint a6b241f35674b662
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2023, midnight
Added to db Nov. 19, 2023, 1:13 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline THREAT ANALYSIS: Assemble LockBit 3.0
Title THREAT ANALYSIS: Assemble LockBit 3.0
Detected Hints/Tags/Attributes 102/3/24
Attributes
Details Type #Events CTI Value
Details CVE 115 cve-2023-0669
Details CVE 140 cve-2023-27350
Details CVE 150 cve-2018-13379
Details File 3 lb3_rundll32.dll
Details File 2 lb3_reflectivedll_dllmain.dll
Details MITRE ATT&CK Techniques 310 T1047
Details MITRE ATT&CK Techniques 239 T1106
Details MITRE ATT&CK Techniques 180 T1543.003
Details MITRE ATT&CK Techniques 380 T1547.001
Details MITRE ATT&CK Techniques 41 T1078.001
Details MITRE ATT&CK Techniques 71 T1078.002
Details MITRE ATT&CK Techniques 86 T1548.002
Details MITRE ATT&CK Techniques 440 T1055
Details MITRE ATT&CK Techniques 92 T1070.001
Details MITRE ATT&CK Techniques 7 T1218.003
Details MITRE ATT&CK Techniques 15 T1406.002
Details MITRE ATT&CK Techniques 91 T1620
Details MITRE ATT&CK Techniques 52 T1622
Details MITRE ATT&CK Techniques 173 T1003.001
Details MITRE ATT&CK Techniques 139 T1021.002
Details MITRE ATT&CK Techniques 111 T1119
Details MITRE ATT&CK Techniques 93 T1485
Details MITRE ATT&CK Techniques 197 T1489
Details MITRE ATT&CK Techniques 276 T1490