LockBit 3.0 Update | Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution, Obfuscated Files Or Information, Process Injection
country: Russia, Ukraine
attack-pattern:
  Abuse Elevation Control Mechanism - T1626
  Abuse Elevation Control Mechanism - T1548
  Boot Or Logon Autostart Execution - T1547
  Bypass User Account Control - T1548.002
  Clear Windows Event Logs - T1070.001
  Cmstp - T1218.003
  Create Or Modify System Process - T1543
  Data Destruction - T1662
  Data Destruction - T1485
  Debugger Evasion - T1622
  Default Accounts - T1078.001
  Domain Accounts - T1078.002
  Domains - T1583.001
  Domains - T1584.001
  Dynamic Resolution - T1637
  Dynamic Resolution - T1568
  Exploits - T1587.004
  Exploits - T1588.005
  Indicator Removal On Host - T1630
  Inhibit System Recovery - T1490
  Lsass Memory - T1003.001
  Malware - T1587.001
  Malware - T1588.001
  Obfuscated Files Or Information - T1406
  Process Injection - T1631
  Registry Run Keys / Startup Folder - T1547.001
  Service Stop - T1489
  Software Packing - T1027.002
  Software Packing - T1406.002
  System Services - T1569
  Windows Service - T1543.003
  Tool - T1588.002
  Automated Collection - T1119
  Bypass User Account Control - T1088
  Cmstp - T1191
  Credential Dumping - T1003
  Indicator Removal On Host - T1070
  Obfuscated Files Or Information - T1027
  Process Injection - T1055
  Registry Run Keys / Start Folder - T1060
  Signed Binary Proxy Execution - T1218
  Software Packing - T1045
  Windows Management Instrumentation - T1047
  Valid Accounts - T1078
  Automated Collection
  Data Destruction
  Indicator Removal On Host
  Service Stop
  Valid Accounts
Common Information
Type Value
UUID bfdcd04f-a61a-4be7-a9de-5f97a3d01309
Fingerprint a6f2a133d37ca64e
Analysis status DONE
Considered CTI value 2
Text language
Published July 21, 2022, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 10:43 p.m.
Headline LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
Title LockBit 3.0 Update | Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques
Detected Hints/Tags/Attributes 98/3/43
Attributes
Type  #Events  Value
Domain  538  pic.twitter.com
Domain  6  lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
Domain  7  lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
Domain  6  lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
Domain  6  lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
Domain  11  lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
Domain  6  lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion
Domain  6  lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion
Domain  6  lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion
Domain  6  lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
Domain  1  lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion
Domain  4  lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
Domain  4  lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion
Domain  4  lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
Domain  4  lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion
Domain  4  lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion
Domain  4  lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion
Domain  4  lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
Domain  4  lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
Domain  4  lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion
File  4  lockbit.exe
sha1  1  ced1c9fabfe7e187dd809e77c9ca28ea2e165fa8
sha1  1  371353e9564c58ae4722a03205ac84ab34383d8c
sha1  2  c2a321b6078acfab582a195c3eaf3fe05e095ce0
sha256  1  f9b9d45339db9164a3861bf61758b7f41e6bcfb5bc93404e296e2918e52ccc10
sha256  5  a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e
sha256  5  d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee
MITRE ATT&CK Techniques  380  T1547.001
MITRE ATT&CK Techniques  180  T1543.003
MITRE ATT&CK Techniques  440  T1055
MITRE ATT&CK Techniques  92  T1070.001
MITRE ATT&CK Techniques  52  T1622
MITRE ATT&CK Techniques  86  T1548.002
MITRE ATT&CK Techniques  93  T1485
MITRE ATT&CK Techniques  197  T1489
MITRE ATT&CK Techniques  276  T1490
MITRE ATT&CK Techniques  173  T1003.001
MITRE ATT&CK Techniques  71  T1078.002
MITRE ATT&CK Techniques  41  T1078.001
MITRE ATT&CK Techniques  15  T1406.002
MITRE ATT&CK Techniques  7  T1218.003
MITRE ATT&CK Techniques  310  T1047
MITRE ATT&CK Techniques  111  T1119
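Before the attribute listing above can be used as detection input it has to be parsed, each value sanity-checked for its declared type, and only then matched against local artefacts. The Python below is an added example, not code from the original report or from the aggregator that produced this page. It accepts the listing either in the scraped two-line form ("Details <Type> <#Events>" followed by the value on the next line) or as one "<Type> <#Events> <Value>" row per line. The sample listing is a constructed subset of the rows above, and the well-formedness rules (40 or 64 lowercase hex characters for SHA-1/SHA-256, 56 base32 characters ending in "d" for a Tor v3 onion address, Txxxx or Txxxx.yyy for an ATT&CK ID) are my assumptions about valid values; a row that fails its check is kept but flagged, so that a generic clearnet host such as pic.twitter.com, which appears in hundreds of reports, is not silently turned into a blocklist entry.

```python
"""Parse a CTI aggregator attribute listing into typed IOC records and match
them against file contents. Added example; not from the page it accompanies."""
import hashlib
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: a subset of the attribute rows from the listing above,
# in the scraped two-line layout (type/count line, then the value line).
SAMPLE_LISTING = """\
Details Type #Events CTI Value
Details Domain 538
pic.twitter.com
Details Domain 6
lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
Details File 4
lockbit.exe
Details sha1 2
c2a321b6078acfab582a195c3eaf3fe05e095ce0
Details sha256 5
a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e
Details MITRE ATT&CK Techniques 52
T1622
"""

# A row header: optional "Details" button text, the attribute type, the event
# count, and optionally the value itself (one-line layout).
ROW_RE = re.compile(
    r"^(?:Details\s+)?(?P<type>Domain|File|sha1|sha256|MITRE ATT&CK Techniques)"
    r"\s+(?P<events>\d+)(?:\s+(?P<value>\S+))?\s*$"
)

# Assumed well-formedness rules per indicator type (not from the page).
VALIDATORS = {
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
    # Tor v3 onion service address: 56 base32 characters, last one always 'd'
    "Domain": re.compile(r"^[a-z2-7]{55}d\.onion$"),
    # ATT&CK technique or sub-technique ID
    "MITRE ATT&CK Techniques": re.compile(r"^T\d{4}(?:\.\d{3})?$"),
    # A bare file name: no path separators or other characters Windows forbids
    "File": re.compile(r"^[^\\/:*?\"<>|]+$"),
}


def _finish(rec: Dict) -> Dict:
    """Normalise case for hash/domain values and attach the validity flag."""
    if rec["type"] in ("sha1", "sha256", "Domain"):
        rec["value"] = rec["value"].lower()
    rec["valid"] = bool(VALIDATORS[rec["type"]].match(rec["value"]))
    return rec


def parse_listing(text: str) -> List[Dict]:
    """Return one record per attribute row, in listing order. Lines that are
    neither a row header nor the value of a pending header (column headings,
    section titles) are ignored."""
    records: List[Dict] = []
    pending: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            pending = {"type": m["type"], "events": int(m["events"]), "value": m["value"]}
            if pending["value"] is not None:          # one-line layout
                records.append(_finish(pending))
                pending = None
        elif pending is not None:                     # two-line layout
            pending["value"] = line
            records.append(_finish(pending))
            pending = None
    return records


def count_by_type(records: List[Dict]) -> Dict[str, int]:
    """How many rows of each attribute type the listing carries."""
    return dict(Counter(r["type"] for r in records))


def known_hashes(records: List[Dict]) -> set:
    """Only syntactically valid SHA-1/SHA-256 values become match candidates."""
    return {r["value"] for r in records if r["type"] in ("sha1", "sha256") and r["valid"]}


def match_bytes(data: bytes, records: List[Dict]) -> List[str]:
    """Hash a candidate file's contents with both algorithms the listing uses
    and return the digests that appear in the listing (SHA-1 first)."""
    wanted = known_hashes(records)
    digests = [hashlib.sha1(data).hexdigest(), hashlib.sha256(data).hexdigest()]
    return [d for d in digests if d in wanted]


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for r in recs:
        flag = "" if r["valid"] else "   <-- review: not a well-formed value"
        print(f"{r['type']:<24} {r['events']:>4}  {r['value']}{flag}")
```

Run stand-alone it prints the parsed rows and flags pic.twitter.com as not matching the onion rule. To scan a directory, read each file's bytes and call `match_bytes`; the one-line layout support means the same parser also accepts rows copied from a cleaned-up table.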