Lockbit

Known to be a ransomware-as-a-service (RaaS) operation.

Description

External Analysis
https://blog.compass-security.com/2022/03/vpn-appliance-forensics/
https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html
https://lifars.com/wp-content/uploads/2022/02/LockBitRansomware_Whitepaper.pdf
https://security.packt.com/understanding-lockbit/
https://socradar.io/lockbit-3-another-upgrade-to-worlds-most-active-ransomware/
https://www.bleepingcomputer.com/news/security/lockbit-victim-estimates-cost-of-ransomware-attack-to-be-42-million/
https://www.crowdstrike.com/blog/better-together-global-attitude-survey-takeaways-2021/
https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021/
https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-variants
https://www.ic3.gov/Media/News/2022/220204.pdf
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html
https://amgedwageh.medium.com/lockbit-ransomware-analysis-notes-93a542fc8511
https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel
https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf
https://asec.ahnlab.com/en/35822/
https://asec.ahnlab.com/ko/39682/
https://blog.cyble.com/2021/08/16/a-deep-dive-analysis-of-lockbit-2-0/
https://blog.cyble.com/2022/07/05/lockbit-3-0-ransomware-group-launches-new-version/
https://blog.lexfo.fr/lockbit-malware.html
https://blog.minerva-labs.com/lockbit-3.0-aka-lockbit-black-is-here-with-a-new-icon-new-ransom-note-new-wallpaper-but-less-evasiveness
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html
https://chuongdong.com/reverse%20engineering/2022/03/19/LockbitRansomware/
https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/
https://cybergeeks.tech/a-technical-analysis-of-the-leaked-lockbit-3-0-builder/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://documents.trendmicro.com/assets/pdf/datasheet-ransomware-in-Q1-2022.pdf
https://github.com/albertzsigovits/malware-notes/blob/master/Ransomware/Lockbit.md
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://id-ransomware.blogspot.com/search?q=lockbit
https://intel471.com/blog/conti-ransomware-cooperation-maze-lockbit-ragnar-locker
https://intel471.com/blog/privateloader-malware
https://ke-la.com/lockbit-2-0-interview-with-russian-osint/
https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf
https://medium.com/@amgedwageh/lockbit-ransomware-analysis-notes-93a542fc8511
https://medium.com/s2wlab/w4-jan-en-story-of-the-week-ransomware-on-the-darkweb-7595544363b1
https://medium.com/s2wlab/w4-july-en-story-of-the-week-ransomware-on-the-darkweb-c61965d0386a
https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/
https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
https://redcanary.com/blog/intelligence-insights-november-2021/
https://research.nccgroup.com/2022/08/19/back-in-black-unlocking-a-lockbit-3-0-ransomware-attack
https://securelist.com/modern-ransomware-groups-ttps/106824/
https://securelist.com/new-ransomware-trends-in-2022/106457/
https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/
https://securityscorecard.com/research/the-increase-in-ransomware-attacks-on-local-governments
https://seguranca-informatica.pt/malware-analysis-details-on-lockbit-ransomware/
https://skyblue.team/posts/hive-recovery-from-lockbit-2.0/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-1-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254354
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-2-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254421
https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/
https://therecord.media/australian-cybersecurity-agency-warns-of-spike-in-lockbit-ransomware-attacks/
https://therecord.media/conti-ransomware-gang-chats-leaked-by-pro-ukraine-member/
https://therecord.media/missed-opportunity-bug-in-lockbit-ransomware-allowed-free-decryptions/
https://twitter.com/MsftSecIntel/status/1522690116979855360
https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-blackmatter-lockbit-thor
https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/
https://www.advanced-intel.com/post/from-russia-with-lockbit-ransomware-inside-look-preventive-solutions
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-attack-on-bridgestone-americas/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/
https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-italys-lazio-region-affects-covid-19-site/
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-1st-2022-i-can-fight-with-a-keyboard/
https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/
https://www.connectwise.com/resources/lockbit-profile
https://www.coveware.com/blog/2022/1/26/ransomware-as-a-service-innovation-curve
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
https://www.crowdstrike.com/blog/how-crowdstrike-prevents-volume-shadow-tampering-by-lockbit-ransomware/
https://www.crypsisgroup.com/insights/ransomwares-new-trend-exfiltration-and-extortion
https://www.cybereason.com/blog/rising-threat-from-lockbit-ransomware
https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool
https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.dr.dk/nyheder/viden/teknologi/frygtede-skulle-lukke-alle-vindmoeller-nu-aabner-vestas-op-om-hacking-angreb
https://www.glimps.fr/lockbit3-0/
https://www.intrinsec.com/alphv-ransomware-gang-analysis
https://www.lemagit.fr/actualites/252516821/Ransomware-LockBit-30-commence-a-etre-utilise-dans-des-cyberattaques
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
https://www.mbsd.jp/2021/10/27/assets/images/MBSD_WhitePaper_A-deep-dive-analysis-of-LockBit2.0_Ransomware.pdf
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
https://www.netskope.com/blog/netskope-threat-coverage-lockbit
https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf
https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/
https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/
https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/
https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility
https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/thwarting-loaders-from-socgholish-to-blisters-lockbit-payload/iocs-thwarting-loaders-socgholish-blister.txt
https://www.trendmicro.com/en_no/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html
https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html
https://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html
https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html
https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-conti-and-blackcat-lead-pack-amid-rise-in-active-raas-and-extortion-groups-ransomware-in-q1-2022
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit
https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
https://www.youtube.com/watch?v=C733AyPzkoc
https://www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/
https://yoroi.company/research/hunting-the-lockbit-gangs-exfiltration-infrastructures/
URLs
http://lockbitkodidilol.onion
File servers
Chat servers
http://lockbitks2tvnmwk.onion