Found 9 bookmarks
Custom sorting
On Lockbit's plaintext passwords
On Lockbit's plaintext passwords
Today it was discovered that an unknown actor had managed to exploit a vulnerability in Lockbit’s PHPMyAdmin instance (on their console onion site). Apparently they were running PHP 8.1.2 which is vulnerable to an RCE CVE-2024-4577. Which uhh… lol? It probably would have been prudent to do a post-paid penetration test on their own infrastructure at some point. Further compounding the unfortunate situation, the actor was able to dump their database. This contained, as stated by Bleeping Computer, a number of tables such as bitcoin addresses, data about their build system such as bespoke builds for affiliates, A ‘chats’ table containing negotiation messages, which we’ll go through in a later post. And finally, of interest today, the usernames and passwords of LockBit agents using the console. Of special importance, making our work markedly easier, these passwords were not hashed. Which sure is a choice, as an organization that performs ransomware attacks. The vast majority of the passwords in this table as reasonably secure; it’s not solely hilariously weak credentials, but there still are a number that display poor security hygiene. The weak passwords Before going into my standard analysis, I’ll list off all of the weak passwords in question, and then we’ll go through the statistics of the whole set. The fun to highlight passwords: Weekendlover69 CumGran0Salis Lockbit123 Lockbitproud321 * Lavidaloca18
#dak.lol#EN#2025#Lockbit#leak#passwords#complexity#PHPMyAdmin#analysis
·dak.lol·
On Lockbit's plaintext passwords
LockBit Ransomware v4.0
LockBit Ransomware v4.0
Malware Analysis Report - LockBit Ransomware v4.0 In this blog post, I’m going over my analysis for the latest variant of LockBit ransomware - version 4.0. Throughout this blog, I’ll walk through all the malicious functionalities discovered, complete with explanations and IDA screenshots to show my reverse engineering process step by step. This new version of LockBit 4.0 implements a hybrid-cryptography approach, combining Curve25519 with XChaCha20 for its file encryption scheme. This version shares similarities with the older LockBit Green variant that is derived from Conti ransomware. While the multi-threading architecture seems more streamlined than previous versions, it still delivers an encryption speed that outpaces most other ransomware families. As always, LockBit is still my most favorite malware to look at, and I certainly enjoyed doing a deep dive to understand how this version works.
#chuongdong#EN#2025#Malware#Analysis#Report#LockBit#LockBit4.0#ransomware
·chuongdong.com·
LockBit Ransomware v4.0
Inside the Open Directory of the “You Dun” Threat Group
Inside the Open Directory of the “You Dun” Threat Group
  • Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity. The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran. The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions. * The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.
#thedfirreport#EN#2024#Analysis#open-directory#LockBit#operational#You-Dun#group#China#tools#scan
·thedfirreport.com·
Inside the Open Directory of the “You Dun” Threat Group
Analyzing an arm64 mach-O version of LockBit
Analyzing an arm64 mach-O version of LockBit
The relevance of this macOS specimen is well articulated in their tweet: “Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products.” vx-underground Ok, so even though it’s the weekend, we have what appears to be a new macOS malware specimen from one of the more notorious ransomware gangs! Coupled with the fact that this may be, (as noted by @VXUnderground), “the first time a large ransomware threat group has developed a payload for Apple products” …I was intrigued to decided to dig right in!
#objective-see#EN#2023#LockBit#macOS#analysis
·objective-see.org·
Analyzing an arm64 mach-O version of LockBit
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities