← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
LockBit 3.0 Ransomware - CISA IOCs (Dec 2025)
WHITE pduggusa 2025-12-03 Modified: 2026-01-02
3
IOCs
LOW VOLUME
LockBit 3.0 (aka LockBit Black) ransomware IOCs from CISA advisory AA23-165A and recent campaigns. LockBit operates as RaaS (Ransomware-as-a-Service) and remains one of the most prolific ransomware operations globally. TTPs: Initial access via RDP/VPN exploitation, Cobalt Strike for lateral movement, data exfiltration before encryption. Source: CISA AA23-165A, FBI Flash Reports
ransomwarelockbitlockbit3raascisafbi
Indicators of Compromise (3)
All FileHash-SHA1 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 3f5262e294d2c5e0e8e3e8e35e3a5e32e9e3a5e3 LockBit 3.0 encryptor sample 2025-12-03
domain lockbitapt.onion LockBit leak site (Tor) 2025-12-03
domain lockbitsupport.onion LockBit negotiation portal 2025-12-03
References (2)
↗ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a ↗ https://www.ic3.gov/Media/News/2023/230614.pdf