Today > 1 Critical | 5 High | 21 Medium vulnerabilities   -   You can now download lists of IOCs here!

Security Brief: Millions of Messages Distribute LockBit Black Ransomware

May 13, 2024, 6:58 p.m.

Description

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executable files that initiated network connections to download and execute the ransomware payload. This campaign marked the first widespread distribution of LockBit Black via the longstanding Phorpiex botnet infrastructure, indicating a notable shift in tactics by threat actors leveraging leaked ransomware builder tools.

Date

Published: May 13, 2024, 6:27 p.m.

Created: May 13, 2024, 6:27 p.m.

Modified: May 13, 2024, 6:58 p.m.

Indicators

f2198deecddd5ae56620b594b6b20bf8a20f9c983d4c60144bc6007a53087ce4

dec445c2434579d456ac0ae1468a60f1bad9f5de6c72b88e52c28f88e6a4f6d0

ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6

a18a6bacc0d8b1dd4544cdf1e178a98a36b575b5be8b307c27c65455b1307616

874d3f892c299a623746d6b0669298375af4bd0ea02f52ac424c579e57ab48fd

86e17aa882c690ede284f3e445439dfe589d8f36e31cbc09d102305499d5c498

7bf7dfc7534aec7b5ca71d147205d2b8a3ce113e5254bb342d9f9b69828cf8ee

6de82310a1fa8ad70d37304df3002d25552db7c2e077331bf468dc32b01ac133

263a597dc2155f65423edcee57ac56eb7229bdf56109915f7cb52c8120d03efb

1ecea8b0bc92378bf2bdd1c14ae1628c573569419b91cc34504d2c3f8bb9f8b2

0cc54ffd005b4d3d048e72f6d66bcc1ac5a7a511ab9ecf59dc1d2ece72c69e85

13916d6b1fddb42f3146b641d37f3a69b491f183146e310aa972dd469e3417bf

062683257386c9e41a1cd1493f029d817445c37f7c65386d54122fa466419ce1

01cd4320fa28bc47325ccbbce573ed5c5356008ab0dd1f450017e042cb631239

185.215.113.66

jenny@gsd.com

Attack Patterns

LockBit Black

Phorpiex

T1489

T1486

T1204

T1485

T1195

T1566