Group Profile: LockBit
Ransomware group profile according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.
LockBit's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that led to LockBit ransomware deployment, or to data exfiltration and leaks published to LockBit's Tor site.
Apache
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Log4j | CVE-2021-44228 ("Log4Shell") | LockBit | cisa.gov |
Citrix
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetScaler ADC & Gateway | CVE-2023-4966 ("Citrixbleed") | LockBit | doublepulsar.com |
Fortinet
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS | CVE-2018-13379 | LockBit | cisa.gov |
Fortra
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| GoAnywhere Managed File Transfer | CVE-2023-0669 | LockBit | cisa.gov |
F5
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| iControl REST | CVE-2021-22986 | LockBit | cisa.gov |
PaperCut
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| PaperCut Application Server | CVE-2023-27350 & CVE-2023-27351 | LockBit | twitter.com/MsftSecIntel |
Windows
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetLogon | CVE-2020-1472 ("ZeroLogon") | LockBit | cisa.gov |
| Remote Desktop Services | CVE-2019-0708 ("BlueKeep") | LockBit | cisa.gov |
---
#### Sources
| Date Published | Report |
|---|---|
| 13 Nov 2023 | https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee |
| 14 June 2023 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a |
| 26 April 2023 | https://twitter.com/MsftSecIntel/status/1651346653901725696 |