PULSE NAME
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware – The DFIR Report
WHITE CyberHunter_NL 2025-01-29 Modified: 2025-02-28
71 IOCs
HIGH VOLUME
Here is the full report from Microsoft Security Research's (DFIR) analysis of an intrusion into the Windows operating system in 2025, which led to LockBit ransomware being deployed across the environment on the 11th day of the intrusion.
Indicators of Compromise (5 / 71 total)