Security Brief: Millions of Messages Distribute LockBit Black Ransomware
May 13, 2024, 6:58 p.m.
Description
In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executable files that initiated network connections to download and execute the ransomware payload. This campaign marked the first widespread distribution of LockBit Black via the longstanding Phorpiex botnet infrastructure, indicating a notable shift in tactics by threat actors leveraging leaked ransomware builder tools.
Date
Published: May 13, 2024, 6:27 p.m.
Created: May 13, 2024, 6:27 p.m.
Modified: May 13, 2024, 6:58 p.m.
Indicators
Attack Patterns
LockBit Black
Phorpiex
T1489
T1486
T1204
T1485
T1195
T1566