LockBit

Search IOCs, vulnerabilities, APT…

216.73.216.10

← Back to intrusion sets

· Published 20/12/2025 23:28 · Modified 21/12/2025 12:28 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 23:28
Modified: 21/12/2025 12:28
Updated at: 21/12/2025 12:28
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 6 reports, 56 attack patterns (mitre), 3 malware, 7 sectors, 5 countries, 64 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (6)

LockBit strikes with new 5.0 version, targeting Windows, …

6 Observables 1 APT
Detailed Analysis of LockBit 5.0

2 MITREs 3 Observables 1 APT
New LockBit 5.0 Targets Windows, Linux, ESXi

9 MITREs 1 Malware 5 Observables 1 APT
Unmasking LockBit: A Deep Dive into DLL Sideloading …

10 MITREs 1 Malware 11 Observables 1 APT
Unfiltered look into LockBit’s operations

14 MITREs 1 Malware 3 Observables 1 APT
Confluence Exploit Leads to LockBit Ransomware

4 CVEs 19 MITREs 1 Malware 15 Observables 1 APT

Attack patterns (MITRE) (56)

T1055.012 uses

Process Hollowing MITRE
T1480 uses

Execution Guardrails MITRE
T1497.001 uses

System Checks MITRE
T1071 uses

Application Layer Protocol MITRE
T1005 uses

Data from Local System MITRE
T1574.002 uses

MITRE
T1497 uses

Virtualization/Sandbox Evasion MITRE
T1036.005 uses

Match Legitimate Resource Name or Location MITRE
T1059.003 uses

Windows Command Shell MITRE
T1567 uses

Exfiltration Over Web Service MITRE
T1497.002 uses

User Activity Based Checks MITRE
T1218.005 uses

Mshta MITRE

← Previous

Page / 5

1–12 of 56

LockBit uses

Family
Conti uses

Family
LockBit 5.0 uses

Family

Sectors (7)

Healthcare targets
Government targets
Manufacturing targets
Education targets
Finance targets
BFSI targets
Services targets

Countries (5)

India targets
Russian Federation targets
United States of America targets
United Kingdom of Great Britain and Northern Ireland targets
France targets

Indicators (64)

lockbitsuppyx2jegaoyiw44ica5vdho63m5ijjlmfb7omq3tfr3qhyd.onion indicates

stix 100/100

· Valid until 10/07/2026 · Source: AlienVault
2389b3978887ec1094b26b35e21e9c77826d91f7fa25b2a1cb5ad836ba2d7ec4 indicates

stix 100/100 Revoked

· Valid until 23/01/2026 · Source: AlienVault
lockbit7z355oalq4hiy5p7de64l6rsqutwlvydqje56uvevcc57r6qd.onion indicates

stix 100/100

· Valid until 10/07/2026 · Source: AlienVault
18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88 indicates

stix 100/100 Revoked

SLF:Trojan:PowerShell/PSExploitCredAPI.A

· Valid until 23/01/2026 · Source: AlienVault
7673a949181e33ff8ed77d992a2826c25b8da333f9e03213ae3a72bb4e9a705d indicates

stix 100/100 Revoked

· Valid until 23/01/2026 · Source: AlienVault
1e2e25a996f72089f12755f931e7fca9b64dd85b03a56a9871fd6bb8f2cf1dbb indicates

stix 100/100 Revoked

· Valid until 20/02/2026 · Source: AlienVault
90b06f07eb75045ea3d4ba6577afc9b58078eafeb2cdd417e2a88d7ccf0c0273 indicates

stix 100/100

· Valid until 25/09/2026 · Source: AlienVault
7ea5afbc166c4e23498aa9747be81ceaf8dad90b8daa07a6e4644dc7c2277b82 indicates

stix 100/100

· Valid until 25/09/2026 · Source: AlienVault
lockbit7z4ndl6thsct34yd47jrzdkpnfg3acfvpacuccb45pnars2ad.onion indicates

stix 100/100

· Valid until 10/07/2026 · Source: AlienVault
e00aa8146cf1202d8ba4fffbcf86da3c6d8148a80bb6503d89b0db2aa9cc0997 indicates

stix 100/100 Revoked

· Valid until 12/05/2026 · Source: AlienVault
lockbit7z4k5zer5fbqi2vdq5sx2vuggatwyqvoodrkhubxftyrvncid.onion indicates

stix 100/100

· Valid until 10/07/2026 · Source: AlienVault
b3ea0f4f442da3106c0d4f97cf20e244b84d719232ca90b3b7fc6e59e37e1ca1 indicates

stix 100/100 Revoked

TrojanDownloader:Win64/BazaarLoader.AA!MTB SHA256 of a8d46a042e6095d7671dbac2aeff74c7bb5e792a

· Valid until 03/06/2024 · Source: AlienVault

← Previous

Page / 6

1–12 of 64

Vulnerabilities (CVE) (4)

CVE-2023-22527 KEV targets

9.8 Critical

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Attack vector: Network
Published: 24/01/2024
Modified: 21/12/2025

CVE-2023-22518 KEV targets

9.8 Critical

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an …

Attack vector: Network
Published: 07/11/2023
Modified: 21/12/2025

CVE-2023-22515 KEV targets

9.8 Critical

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …

Attack vector: Network
Published: 05/10/2023
Modified: 21/12/2025

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

Contact About Legal notice Privacy policy Terms of use

LockBit

Essential information

Description

Marking (TLP)

Related entities

Reports (6)

Attack patterns (MITRE) (56)

Malware (3)

Sectors (7)

Countries (5)

Indicators (64)

Vulnerabilities (CVE) (4)