Lokbit

The document outlines a network alert for potential data exfiltration by the Stealbit malware, detailing specific HTTP POST requests and associated indicators of compromise (IOCs). It lists various SHA2 hashes, IP addresses, and a link to a LockBit onion site, along with MITRE ATT&CK techniques related to the malware's operation. The alert emphasizes the need for monitoring and defense against such threats in network environments.

Uploaded by

Sanoop S Nair

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

21 views4 pages

Lokbit

Uploaded by

Sanoop S Nair

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

alert tcp any any -> any $HTTP_PORTS (msg:"Stealbit Data Exfil";

flow:to_server,established; content:"POST"; http_method; content:"&filesize=";

content:"&framesize="; content:"&framenum="; content:"&filecrc=";
content:"&filename="; content:"&pcname="; classtype:trojan-activity; sid:20166338;
rev:3; metadata:created_at 2021_08_12;)

INDICATORS OF COMPROMISE

Descrip
IOC Type
tion
16a707a3965ebd71ebc831b68863b855b2c8d60aef8efdef1e0 SHA2 LockBit2.
c0a6cc28e9bc7 56 0
e32dc551a721b43da44a068f38928d3e363435ce0e4d2e0479
c0dfdb27563c82
0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8d
bddf99867182d
92ec3373b528e0040fae1c34b6edc8d623d03eac84267bd3ed
408fe547b9c944
9dd6cc25b2f920b825e15682a4d06435a42b281674ba6e99c8
e2b2222c9d638f
56fd91787c641c2329a86813497d0e6ff219c81a4d61ac10fed
ef9cd68c3baed
b583058e06ecee9905c3fb73b44feb6ef0ce66dead14620b8a7
682067df2c8bc
4edbf2358a9820e030136dc76126c20cc38159df0d8d7b13d3
0b1c9351e8b277
6d26226f99724c18faf355a4e07b74bad72f5837e0de8c8361f7
d9a18525b5ae
98900768d564c6962981edde2759889fdda11bb1113c851468
e5c40ddafe1d4d
36446a57a54aba2517efca37eedd77c89dfc06e056369eac323
97e8679660ff7
34e6f4317e223d712a9464cd2e6ba9e6d7915eac75a8c06648
813ea1d7a80b80
a7591e4a248c04547579f014c94d7d30aa16a01bb2a25b77df
36e30a198df108
4bb152c96ba9e25f293bbc03c607918a4452231087053a8cb1
a8accb1acc92fd
f2d0e13a6ec546f169d45ad5b62ced1bcc3a4e01ae6dc366623
9defc959e2baa
717585e9605ac2a971b7c7537e6e311bab9db02ecc6451e0ef
ada9b2ff38b474
bcbb1e388759eea5c1fbb4f35c29b6f66f3f4ca4c715bab35c8fc
56dcf3fa621
0545f842ca2eb77bcac0fd17d6d0a8c607d7dbc8669709f3096
e5c1828e1c049
acad2d9b291b5a9662aa1469f96995dc547a45e391af9c7fa24
f5921b0128b2c
5c268313821c3e851f500e5dea135cce0670f1f2efe4466394d SHA2 StealBit
7dcdaeb321aa8 56
7c7317c7f036c00d4c55d00ba36cb2a58a39a72fe24a4b8d11f
42f81b062f80b
8ea24457df1459297503237411594b734794ee0d2654b22c66
d3a976e2e6ff4f
0d7358a3c04d860883da564d51c983e262d5b3057da29a380
4d5e8f67644e02e
8cfd554a936bd156c4ea29dfd54640d8f870b1ae7738c95ee25
8408eef0ab9e6
a7cf0f72bb6f1e0a61fbf39e3a3a36db6540250caeef35b47fb51
a8959f40984
dcc4ac1302ac5693875c4a4b193242cbb441b77cd918569c43f
e318bcf64fe3d
51.161.82[.]135 IP StealBit
167.172.170[.]139
51.81.153[.]212
51.77.110[.]6

http:// LockBit
lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4yky onion
d[.]onion website
MITRE ATT&CK TECHNIQUES

Initial Lateral Persisten Defense Discovery Command Impact

Access Moveme ce Evasion and Control
nt
Phishing Taint Scheduled Deobfuscate Account Commonly Data Encrypted
Shared Task/Job / Decode Discovery Used Port for Impact
Content Files or
Information

Valid Lateral Boot or Masqueradin Application Remote File System

Account Tool Logon g Window Copy Shutdown/Reboo
s Transfer Autostart Discovery t
Execution
Domain File and Standard
Policy Directory Application
Modification Discovery Layer
Protocol
Process Standard
Discovery Cryptographi
c Protocol
System Standard
Informatio Non-
n Application
Discovery Layer
Protocol

Network Security v1.0 - Module 9
No ratings yet
Network Security v1.0 - Module 9
17 pages
eJPT Solution
No ratings yet
eJPT Solution
23 pages
EAP225 V5.0 Datasheet
No ratings yet
EAP225 V5.0 Datasheet
42 pages
Index
100% (1)
Index
40 pages
Network Security Protocol Guide
No ratings yet
Network Security Protocol Guide
3 pages
Lab 1
50% (2)
Lab 1
14 pages
Cisco Router Command Guide
No ratings yet
Cisco Router Command Guide
4 pages
350-401 Dumps Implementing and Operating Cisco Enterprise Network Core Technologies
No ratings yet
350-401 Dumps Implementing and Operating Cisco Enterprise Network Core Technologies
76 pages
Algernon
No ratings yet
Algernon
8 pages
HDLC Report
100% (2)
HDLC Report
38 pages
VirusTotal - File - 661d6d56e8d9a8875f76e93f84f1
No ratings yet
VirusTotal - File - 661d6d56e8d9a8875f76e93f84f1
26 pages
Cisco Small Business Switches
No ratings yet
Cisco Small Business Switches
6 pages
Check-Point: Exam Questions 156-215.80
No ratings yet
Check-Point: Exam Questions 156-215.80
21 pages
CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
No ratings yet
CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
24 pages
ISO Network Management Model
100% (1)
ISO Network Management Model
22 pages
Ejpt Guide
No ratings yet
Ejpt Guide
39 pages
COMTECO
No ratings yet
COMTECO
2 pages
AP7181 ProductReferenceGuide
No ratings yet
AP7181 ProductReferenceGuide
572 pages
Netgear GS108T GS110TP
No ratings yet
Netgear GS108T GS110TP
269 pages
Mitre Att&Ck Mapping
No ratings yet
Mitre Att&Ck Mapping
30 pages
Scan
No ratings yet
Scan
3 pages
CCIE-Security - LabExamBlueprint - v3 0
No ratings yet
CCIE-Security - LabExamBlueprint - v3 0
2 pages
Understanding Vectra AI Detections
No ratings yet
Understanding Vectra AI Detections
210 pages
Electronic Data Interchange EDI
No ratings yet
Electronic Data Interchange EDI
13 pages
Firewall Technologies
No ratings yet
Firewall Technologies
3 pages
LAN (Local Area Network) :: (CITATION Jam10 /L 2057)
No ratings yet
LAN (Local Area Network) :: (CITATION Jam10 /L 2057)
33 pages
Port Numbers
No ratings yet
Port Numbers
159 pages
Whitepaper
No ratings yet
Whitepaper
115 pages
Module V
No ratings yet
Module V
69 pages
Log File
No ratings yet
Log File
101 pages
Lista de Portas TCP
No ratings yet
Lista de Portas TCP
234 pages
Anatomy of EDR Bypasses WHD WED 28thfeb2024
No ratings yet
Anatomy of EDR Bypasses WHD WED 28thfeb2024
75 pages
SIP Protocol and IMS Overview
No ratings yet
SIP Protocol and IMS Overview
3 pages
Attack Coverage
No ratings yet
Attack Coverage
128 pages
ACN Practical File
No ratings yet
ACN Practical File
35 pages
IOC List Situational Alert Extended-Version
No ratings yet
IOC List Situational Alert Extended-Version
10 pages
Network - Security-Module 5
No ratings yet
Network - Security-Module 5
43 pages
WHG Administrator Guide v1.10 20120524 PDF
No ratings yet
WHG Administrator Guide v1.10 20120524 PDF
313 pages
Banner Grabbing OS Fingerprinting Brief
No ratings yet
Banner Grabbing OS Fingerprinting Brief
3 pages
HVD Web Interest 22.08.2024
No ratings yet
HVD Web Interest 22.08.2024
2 pages
Masscan Results: Open Port 8000 Scanning
No ratings yet
Masscan Results: Open Port 8000 Scanning
80 pages
AR20-II-II CN Question Bank
No ratings yet
AR20-II-II CN Question Bank
4 pages
SQLCheck DESKTOP-DOVI5HH 20240923153903
No ratings yet
SQLCheck DESKTOP-DOVI5HH 20240923153903
10 pages
Attack Common Services
No ratings yet
Attack Common Services
22 pages
Network Traffic Analysis Guide
No ratings yet
Network Traffic Analysis Guide
27 pages
Log File
No ratings yet
Log File
4 pages
Lab 13
No ratings yet
Lab 13
9 pages
Iwpriv Usage
No ratings yet
Iwpriv Usage
9 pages
Log File
No ratings yet
Log File
6 pages
Midtest NguyenLeHoangThong
No ratings yet
Midtest NguyenLeHoangThong
8 pages
Network Security Lec 1
No ratings yet
Network Security Lec 1
43 pages
HTTPS Download Log Analysis
No ratings yet
HTTPS Download Log Analysis
4 pages
Log4j IOCs 20dic
No ratings yet
Log4j IOCs 20dic
53 pages
Which One of The Binary Number Ranges Shown Below
No ratings yet
Which One of The Binary Number Ranges Shown Below
8 pages
DHCP Snooping
No ratings yet
DHCP Snooping
6 pages
Brkcol 2455
No ratings yet
Brkcol 2455
183 pages
Network Security and Monitoring Quiz
No ratings yet
Network Security and Monitoring Quiz
20 pages
Static Routing
No ratings yet
Static Routing
19 pages
Report
No ratings yet
Report
1 page
Conti (s0575)
No ratings yet
Conti (s0575)
5 pages
zNBr5RMS92dyv7 - bSLIfQ - How To Read The Tcpdump Traffic Log
No ratings yet
zNBr5RMS92dyv7 - bSLIfQ - How To Read The Tcpdump Traffic Log
3 pages
Communication Project Documentation
No ratings yet
Communication Project Documentation
46 pages
Closing Open Holes, System Security How To Close Open Holes
No ratings yet
Closing Open Holes, System Security How To Close Open Holes
7 pages
Penetration Testing Activity Lab 1 - 080633
No ratings yet
Penetration Testing Activity Lab 1 - 080633
8 pages
No Day Received Hour Received Threat Category Source Address
No ratings yet
No Day Received Hour Received Threat Category Source Address
6 pages
Closed Port
No ratings yet
Closed Port
8 pages
Robert Graham-Firewall Forensics-What Am I Seeing
No ratings yet
Robert Graham-Firewall Forensics-What Am I Seeing
41 pages
MAR-10430311.c 1.v 1.CLEAR
No ratings yet
MAR-10430311.c 1.v 1.CLEAR
10 pages
Trojan Port List
No ratings yet
Trojan Port List
13 pages
MKT
No ratings yet
MKT
2 pages
Indicators of Compromise For Malware Used by APT28: 4 October 2018
No ratings yet
Indicators of Compromise For Malware Used by APT28: 4 October 2018
8 pages
How To Enable SSL On Raspberry PI Owncloud - AvoidErrors PDF
No ratings yet
How To Enable SSL On Raspberry PI Owncloud - AvoidErrors PDF
3 pages
Port Monitor Commands
No ratings yet
Port Monitor Commands
8 pages
Network Security Tutorial 6
No ratings yet
Network Security Tutorial 6
10 pages
Threat Name: Sensitivity: Internal Restricted
No ratings yet
Threat Name: Sensitivity: Internal Restricted
2 pages
The Fundamentals of HTTP: F5 White Paper
No ratings yet
The Fundamentals of HTTP: F5 White Paper
8 pages
DNS Health Check Find Bugs On Your Domain
No ratings yet
DNS Health Check Find Bugs On Your Domain
4 pages
Config&Info SBC
No ratings yet
Config&Info SBC
330 pages
Network Security Scan Report
No ratings yet
Network Security Scan Report
2 pages
Creating Custom Threat Signatures From Snort Signatures - Knowledge Base - Palo Alto Networks
No ratings yet
Creating Custom Threat Signatures From Snort Signatures - Knowledge Base - Palo Alto Networks
25 pages
Task Solution
No ratings yet
Task Solution
20 pages
CHAPTER1 Quiz - NET202
No ratings yet
CHAPTER1 Quiz - NET202
3 pages
E32A - Datasheet - 2014062 Camara IP Acti
No ratings yet
E32A - Datasheet - 2014062 Camara IP Acti
2 pages
System Security Tool: Submitted By: Ravi Kumar Amitesh Kumar Vaibhav Gomber Amit Giri
No ratings yet
System Security Tool: Submitted By: Ravi Kumar Amitesh Kumar Vaibhav Gomber Amit Giri
17 pages
Modified Slides From Martin Roesch Sourcefire Inc
No ratings yet
Modified Slides From Martin Roesch Sourcefire Inc
31 pages
Fort I Net Open Ports
No ratings yet
Fort I Net Open Ports
14 pages
Snort
No ratings yet
Snort
30 pages
Trojans and Ports List 2001
No ratings yet
Trojans and Ports List 2001
7 pages
Portas Trojans
No ratings yet
Portas Trojans
4 pages
Paypal XXE Via Ektron
100% (1)
Paypal XXE Via Ektron
10 pages

Lokbit

Uploaded by

Lokbit

Uploaded by

alert tcp any any -> any $HTTP_PORTS (msg:"Stealbit Data Exfil";

flow:to_server,established; content:"POST"; http_method; content:"&filesize=";

Initial Lateral Persisten Defense Discovery Command Impact

Valid Lateral Boot or Masqueradin Application Remote File System

You might also like