PULSE NAME
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware – The DFIR Report
WHITE CyberHunter_NL 2025-01-29 Modified: 2025-02-28
Here is the full report from Microsoft Security Research's (DFIR) analysis of an intrusion into the Windows operating system in 2025, which led to LockBit ransomware being deployed across the environment on the 11th day of the intrusion.
Indicators of Compromise (19 / 71 total)