Pulse Detail — Threat Intelligence

PULSE NAME

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware – The DFIR Report

WHITE CyberHunter_NL 2025-01-29 Modified: 2025-02-28

IOCs

HIGH VOLUME

Here is the full report from Microsoft Security Research's (DFIR) analysis of an intrusion into the Windows operating system in 2025, which led to LockBit ransomware being deployed across the environment on the 11th day of the intrusion.

Indicators of Compromise (22 / 71 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	03af38505cee81b9d6ecd8c1fd896e0e	MD5 of 1ac66fcc34c0b86def886e4e168030dae096927c	2025-01-29
FileHash-MD5	0aa05ebc3b6667954898cfccc4057600	MD5 of c59cbd309b3393cb08a1133364ed11000fdd418d	2025-01-29
FileHash-MD5	0f7b6bb3a239cf7a668a8625e6332639	MD5 of 5263a135f09185aa44f6b73d2f8160f56779706d	2025-01-29
FileHash-MD5	2800a10c4afae44978d906b2abaed745	—	2025-01-29
FileHash-MD5	303951d4c50efb2e991652225a6f02b1	—	2025-01-29
FileHash-MD5	40852fde665eb9119fcc565bd68de680	—	2025-01-29
FileHash-MD5	4457256150386acec794e9e8ee412691	—	2025-01-29
FileHash-MD5	4794accd22271a28547fb3613ee79218	—	2025-01-29
FileHash-MD5	573a213191985c555dd7e8de5f0a9cae	—	2025-01-29
FileHash-MD5	57f791f7477b1f7a1b3605465d054db8	MD5 of bba1bc3ebf07ca3c4e2442f0ba9ea18383ce627b	2025-01-29
FileHash-MD5	6505b488d0c7f3eaee66e3db103d7b05	—	2025-01-29
FileHash-MD5	671b967eb2bc04a0cd892ca225eb5034	—	2025-01-29
FileHash-MD5	6d44c5fb49258f285769e50830fc59af	—	2025-01-29
FileHash-MD5	6e91c474d90546845b1f3f9e7a33411a	MD5 of 9352236ad6fe8835979cf11ba5033f8f2fef0f19	2025-01-29
FileHash-MD5	71c8c1a0056fd084bc32a03d9245ad10	—	2025-01-29
FileHash-MD5	8ed408107f89c53261bf74e58517bc76	—	2025-01-29
FileHash-MD5	90f9044cfee2c678fe51abd098bdfe97	—	2025-01-29
FileHash-MD5	996ad32c7ae2190b7fa7876df0d7b717	—	2025-01-29
FileHash-MD5	a0e9f5d64349fb13191bc781f81f42e1	—	2025-01-29
FileHash-MD5	b254f8f03e61bd9469df66c189d79871	—	2025-01-29
FileHash-MD5	d9adb3dd6df169e824b2867a2b8cba89	—	2025-01-29
FileHash-MD5	ea327ed0a3243847f7cd87661e22e1de	—	2025-01-29

References (1)

↗ https://thedfirreport.com/2025/01/27/cobalt-strike-and-a-pair-of-socks-lead-to-lockbit-ransomware/