| LockBit (ELF) (afce6aba-d4c4-49fa-b9a9-1a70e92e5a0e) |
Malpedia |
BITWISE SPIDER (ecf4d7cb-9bf7-4d9d-8450-c99e885b9aac) |
Threat Actor |
1 |
| BITWISE SPIDER (ecf4d7cb-9bf7-4d9d-8450-c99e885b9aac) |
Threat Actor |
LockBit (Windows) (fd035735-1ab9-419d-a94c-d560612e970b) |
Malpedia |
1 |
| BITWISE SPIDER (ecf4d7cb-9bf7-4d9d-8450-c99e885b9aac) |
Threat Actor |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
1 |
| Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Lockbit3 (c09f73fd-c3c3-42b1-b355-b03ca4941110) |
Ransomware |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) |
Attack Pattern |
LockBit (8eda8bf1-db5a-412d-8511-45e2f7621d51) |
Ransomware |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
3 |
| File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
3 |
| Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) |
Attack Pattern |
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) |
Attack Pattern |
3 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
3 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
3 |
| System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) |
Attack Pattern |
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) |
Attack Pattern |
3 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
3 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
3 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
3 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
3 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
3 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
3 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
3 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
3 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
3 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
3 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
3 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) |
Attack Pattern |
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) |
Attack Pattern |
3 |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
3 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
3 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
3 |
| Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) |
Attack Pattern |
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) |
Attack Pattern |
3 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
3 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
3 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
3 |