LockBit
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:33
- Modified: 27/05/2026 21:40
- Revoked: No
- Author / Source: AlienVault
- Related entities: 69 attack patterns (MITRE), 2 intrusion sets (APT), 11 sectors, 10 countries, 98 indicators, 10 vulnerabilities (CVE), 29 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (69)
- T1561 uses Disk Wipe (MITRE)
- T1021.002 uses SMB/Windows Admin Shares (MITRE)
- T1132 uses Data Encoding (MITRE)
- T1518.001 uses Security Software Discovery (MITRE)
- T1048.003 uses Exfiltration Over Unencrypted Non-C2 Protocol (MITRE)
- T1073 uses
- T1518 uses Software Discovery (MITRE)
- T1218.011 uses Rundll32 (MITRE)
- T1027.002 uses Software Packing (MITRE)
- T1569 uses System Services (MITRE)
- T1546 uses Event Triggered Execution (MITRE)
- T1083 uses File and Directory Discovery (MITRE)
Intrusion sets (APT) (2)
- DragonForce uses · Source: Ransomware.Live · Confidence 100 · No description available · First seen 01/01/1970 · Last seen 16/11/5138
- LockBit uses · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Sectors (11)
- Technology (targets)
- Services (targets)
- Air transport (targets)
- BFSI (targets)
- Media (targets)
- Engineering consulting (targets)
- Retail (targets)
- Agriculture and agribusiness (targets)
- Hospitality (targets)
- Legal consulting (targets)
- Defense (targets)
Countries (10)
- Belarus (targets)
- Italy (targets)
- Poland (targets)
- Mexico (targets)
- Iran, Islamic Republic of (targets)
- Thailand (targets)
- Brazil (targets)
- Russian Federation (targets)
- United States of America (targets)
- Philippines (targets)
Indicators (98)
- stix 100/100 · Revoked · Valid until 14/10/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 29/01/2024 · Source: AlienVault
- http://185.80.91.84/command indicates · stix 100/100 · Revoked · Valid until 27/01/2025 · Source: AlienVault
- 216.45.58.177 indicates · stix 100/100 · Revoked · CC=US ASN=AS8100 quadranet enterprises llc · Valid until 22/12/2025 · Source: AlienVault
- http://45.10.247.152/command indicates · stix 100/100 · Revoked · Valid until 27/01/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 14/10/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 22/09/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 05/06/2024 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 24/10/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 05/06/2024 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 14/10/2025 · Source: AlienVault
- stix 100/100 · Revoked · Valid until 16/06/2025 · Source: AlienVault
Vulnerabilities (CVE) (10)
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file …
- Attack vector: NETWORK
- Published: 14/03/2022
- Modified: 21/12/2025
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute …
- Attack vector: Network
- Published: 19/05/2025
- Modified: 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector: LOCAL
- Complexity: LOW
- Published: 12/04/2017
- Modified: 22/04/2026
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …
- Attack vector: Network
- Published: 13/02/2026
- Modified: 20/02/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
- Published: 03/11/2021
- Modified: 20/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published: 03/11/2021
- Modified: 20/12/2025
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …
- Attack vector: Network
- Published: 05/10/2023
- Modified: 21/12/2025
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …
- Attack vector: Network
- Published: 13/09/2023
- Modified: 21/12/2025
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code …
- Attack vector: LOCAL
- Complexity: LOW
- Published: 21/04/2015
- Modified: 22/04/2026
IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.
- Attack vector: Network
- Published: 21/02/2023
- Modified: 21/12/2025
Reports (29)
- 20 MITREs · 2 Malwares · 2 Observables · 1 APT
- 1 CVE · 18 MITREs · 6 Malwares · 5 Observables
- 14 MITREs · 1 Malware · 10 Observables · 1 APT
- 16 MITREs · 4 Malwares · 13 Observables · 1 APT
- 4 CVEs · 17 MITREs · 5 Malwares · 67 Observables · 1 APT
- 15 MITREs · 4 Malwares · 1 APT
- 1 CVE · 5 Malwares · 5 Observables · 1 APT
- 7 MITREs · 9 Malwares · 33 Observables · 1 APT
- 10 MITREs · 1 Malware · 11 Observables · 1 APT
- 16 Malwares · 1 Observable · 1 APT
- 14 MITREs · 1 Malware · 3 Observables · 1 APT
- 4 CVEs · 19 MITREs · 1 Malware · 15 Observables · 1 APT