Security Brief: Millions of Messages Distribute LockBit Black Ransomware
May 13, 2024, 6:58 p.m.
Description
In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executable files that initiated network connections to download and execute the ransomware payload. This campaign marked the first widespread distribution of LockBit Black via the longstanding Phorpiex botnet infrastructure, indicating a notable shift in tactics by threat actors leveraging leaked ransomware builder tools.
Date
- Created: May 13, 2024, 6:27 p.m.
- Published: May 13, 2024, 6:27 p.m.
- Modified: May 13, 2024, 6:58 p.m.
Indicators
Attack Patterns
- LockBit Black
- Phorpiex
- T1489
- T1486
- T1204
- T1485
- T1195
- T1566