Pulse Detail — Threat Intelligence

PULSE NAME

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability | CISA

WHITE CyberHunter_NL 2023-11-21 Modified: 2023-12-21

IOCs

MEDIUM VOLUME

Ransomware is a growing threat to networks, but how do you protect against it and what can you know about the latest threat? Â£2.5m worth of ransomware has been discovered on a Boeing website.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1082 T1539 T1556 T1563 T1531 T1027 T1218 T1547 T1021 T1070 T1548 T1134 T1059

MALWARE FAMILIES

LockBit Bleed Threat

Indicators of Compromise (29)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2023-22515	—	2023-11-21
CVE	CVE-2023-4966	—	2023-11-21
FileHash-MD5	6e8ca501c45a9b85fff2378cffaa24b2	—	2023-11-21
FileHash-MD5	d7addb5b6f55eab1686410a17b3c867b	MD5 of 498ba0afa5d3b390f852af66bd6e763945bf9b6bff2087015ed8612a18372155	2023-11-21
FileHash-MD5	eb842a9509dece779d138d2e6b0f6949	—	2023-11-21
FileHash-SHA1	a54af16b2702fe0e5c569f6d8f17574a9fdaf197	SHA1 of 498ba0afa5d3b390f852af66bd6e763945bf9b6bff2087015ed8612a18372155	2023-11-21
FileHash-SHA256	17a27b1759f10d1f6f1f51a11c0efea550e2075c2c394259af4d3f855bbcc994	—	2023-11-21
FileHash-SHA256	498ba0afa5d3b390f852af66bd6e763945bf9b6bff2087015ed8612a18372155	—	2023-11-21
FileHash-SHA256	906602ea3c887af67bcb4531bbbb459d7c24a2efcb866bcb1e3b028a51f12ae6	—	2023-11-21
FileHash-SHA256	98e79f95cf8de8ace88bf223421db5dce303b112152d66ffdf27ebdfcdf967e9	—	2023-11-21
FileHash-SHA256	9b6b722ba4a691a2fe21747cd5b8a2d18811a173413d4934949047e04e40b30a	—	2023-11-21
FileHash-SHA256	cc21c77e1ee7e916c9c48194fad083b2d4b2023df703e544ffb2d6a0bfc90a63	—	2023-11-21
FileHash-SHA256	e557e1440e394537cca71ed3d61372106c3c70eb6ef9f07521768f23a0974068	—	2023-11-21
FileHash-SHA256	ed5d694d561c97b4d70efe934936286fe562addf7d6836f795b336d9791a5c44	—	2023-11-21
URL	http://62.233.50.25/en-us/docs.html	—	2023-11-21
URL	http://62.233.50.25/en-us/test.html	—	2023-11-21
URL	http://81.19.135.219/F8PtZ87fE8dJWqe.hta	—	2023-11-21
URL	http://81.19.135.219:443/q0X5wzEh6P7.hta	—	2023-11-21
URL	https://adobe-us-updatefiles.digital/index.php	—	2023-11-21
YARA	0b9b6a9c1eb839e142fc4088ad43bdb4c52c3c9d	This is a hunting rule to detect FREEFIRE samples using OP code sequences in getLastRecord method	2023-11-21
YARA	0da7ee157236badc4568962b381cce811e0b0c1e	Detects trojan python samples	2023-11-21
YARA	3c47ed12de2d5c9d356a046885b867fceed3fdbb	Detects trojan DLL samples	2023-11-21
YARA	3c67d4f90206e692f9511426ac2bd4becaaa3851	Detects trojan .bat samples	2023-11-21
YARA	d6044e0f131429dc7b234c364349e60bb8ed0876	Detects trojan PE32 samples	2023-11-21
domain	adobe-us-updatefiles.digital	—	2023-11-21
domain	dns0.org	—	2023-11-21
domain	fixme.it	—	2023-11-21
email	soc@cisecurity.org	—	2023-11-21
hostname	unattended.techninline.net	—	2023-11-21

References (1)

↗ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a