# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/bartblaze/status/1228364607410130944
# Reference: https://twitter.com/GrujaRS/status/1294908674486525953
# Reference: https://github.com/StrangerealIntel/malware-notes/blob/master/Ransomware/Lockbit.md

lockbit-decryptor.com
lockbitkodidilol.onion
lockbitks2tvnmwk.onion

# Reference: # Reference: https://www.virustotal.com/gui/ip-address/47.91.79.68/relations

lockbit-blog.com
lockbit-decryptor.top

# Reference: https://github.com/thetanz/ransomwatch/blob/main/docs/INDEX.md

lockbitapt.uz
lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
oyarbnujct53bizjguvolxou3rmuda2vr72osyexngbdkhqebwrzsnad.onion
yq43odyrmzqvyezdindg2tokgogf3pn6bcdtvgczpz5a74tdxjbtk2yd.onion
zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

# Reference: https://www.ic3.gov/Media/News/2022/220204.pdf (# Lockbit 2.0)

http://139.60.160.200
http://168.100.11.72
http://174.138.62.35
http://185.182.193.120
http://185.215.113.39
http://193.162.143.218
http://193.38.235.234
http://45.227.255.190
http://88.80.147.102
http://93.190.139.223
http://93.190.143.101

# Reference: https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
# Reference: https://otx.alienvault.com/pulse/612606e65f3918cb8354bcd9/

bigblog.at
decoding.at

# Reference: https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/
# Reference: https://otx.alienvault.com/pulse/626bc047f1a3ebc6be0a2856

45.32.108.54:443

# Reference: https://twitter.com/malwrhunterteam/status/1521942395679608834
# Reference: https://www.virustotal.com/gui/file/7cc0c4d1f3bc3c5e486077bd69c1aeedba27a085c5e6f67d7309f2aa79a0e5b9/detection

lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion
