LockBit 3.0, aka “LockBit Black”, noted in June of this year, has coincided with a large increase in the number of victims being published to the LockBit leak site, indicating that the past few months have been a period of intense activity for the LockBit collective.
REFERENCE: https://research.nccgroup.com/2022/08/19/back-in-black-unlocking-a-lockbit-3-0-ransomware-attack/
TAGS: LockBit, Ransomware, LockBit Black, SocGholish, Cobalt Strike, Bloodhound, Seatbelt, RDP, exfiltration, Mega, PsExec
MALWARE FAMILIES: Cobalt Strike, SocGholish, LockBit
ATT&CK IDS: T1530 - Data from Cloud Storage Object, T1550 - Use Alternate Authentication Material, T1176 - Browser Extensions, T1105 - Ingress Tool Transfer, T1021 - Remote Services, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1189 - Drive-by Compromise, T1482 - Domain Trust Discovery, T1486 - Data Encrypted for Impact, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, T1562 - Impair Defenses, T1567 - Exfiltration Over Web Service, T1569 - System Services, T1059.003 - Windows Command Shell, T1059.001 - PowerShell, T1569.002 - Service Execution, T1547.001 - Registry Run Keys / Startup Folder, T1562.001 - Disable or Modify Tools, T1070.001 - Clear Windows Event Logs, T1021.002 - SMB/Windows Admin Shares, T1021.001 - Remote Desktop Protocol, T1560.001 - Archive via Utility, T1071.001 - Web Protocols, T1567.002 - Exfiltration to Cloud Storage