LockBit: Ransomware Puts Servers in the Crosshairs
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Mshta - T1170 Powershell - T1086 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID c0e014b0-de3c-40ef-ae31-382e81445a18
Fingerprint a6bae531ca307666
Analysis status DONE
Considered CTI value 0
Text language
Published July 20, 2022, midnight
Added to db Jan. 16, 2023, 3:58 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline LockBit: Ransomware Puts Servers in the Crosshairs
Title LockBit: Ransomware Puts Servers in the Crosshairs
Detected Hints/Tags/Attributes 56/1/14
Source URLs
Redirection Url
Details Source http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers
URL Provider
Details Provider Source level domain
Details security.com symantec-enterprise-blogs.security.com
Attributes
Details Type #Events CTI Value
Details Domain 32 
temp.sh
Details File 2130 
cmd.exe
Details File 172 
dllhost.exe
Details File 37 
userenv.dll
Details File 85 
c:\windows\system32\dllhost.exe
Details File 14 
c:\windows\syswow64\dllhost.exe
Details File 1212 
powershell.exe
Details File 16 
gpupdate.exe
Details File 409 
c:\windows\system32\cmd.exe
Details File 457 
mshta.exe
Details File 2 
lockbit_6341d6e5844c8289.exe
Details File 2 
llll.exe
Details sha256 3 
5181d2e71e8e73a82712a483a80aaea94e1efa785f2b8b8ee9641544c0b652f0
Details Url 2 
https://temp.sh/aerda/lockbit_6341d6e5844c8289.exe