
Indicators of Compromise Associated with LockBit 2.0 Ransomware

The Federal Bureau of Investigation has released indicators of compromise (IOCs) associated with the LockBit 2.0 ransomware.

LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero-day exploits.


After compromising a victim network, LockBit 2.0 actors use publicly available tools such as Mimikatz to escalate privileges. The threat actors then use both publicly available and custom tools to exfiltrate data, followed by encryption using the LockBit malware. The actors always leave a ransom note in each affected directory within victim systems, which provides instructions on how to obtain the decryption software. The ransom note also threatens to leak exfiltrated victim data on the LockBit 2.0 leak site and demands a ransom to avoid these actions.

You can read the full document here – https://www.ic3.gov/Media/News/2022/220204.pdf

IP Addresses

Luke Simmonds

Blogger at www.systemtek.co.uk
