Block updated `LockBit` ransomware encryptors used in attacks since Feb 2024

[summercms]

Enhancement idea

• [x] Block updated LockBit ransomware encryptors used in attacks since Feb 2024.

Description

As of yesterday, LockBit appears to be conducting attacks again, with new encryptors and infrastructure setup for data leak and negotiation sites.

Links

https://www.virustotal.com/gui/file/c244ab74a7436cfcef4725474761a0996a8b3c66b8a67da675620382c2be962a

https://www.virustotal.com/gui/file/8d7a7439c4317f52b5bd3bb12a54e7f445c1b015d3dd027821daffa08fd892dc

https://github.com/summercms/ransomware_notes/blob/main/lockbit/%5Bid%5D.README.txt

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion
lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion
lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion
lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion
lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion
lockbit4lahhluquhokapqym2m3dhe66d6lr337glmnlgg2nndad.onion
lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion
lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion
lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion

URL's

n/a

Folders

n/a

Sub-Domains

n/a

Domains

n/a

IP's

192.229.211.108
20.99.133.109
20.99.184.37
20.99.186.246
23.216.147.76

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a