# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/bartblaze/status/1228364607410130944
# Reference: https://twitter.com/GrujaRS/status/1294908674486525953
# Reference: https://github.com/StrangerealIntel/malware-notes/blob/master/Ransomware/Lockbit.md

lockbit-decryptor.com
lockbitkodidilol.onion
lockbitks2tvnmwk.onion

# Reference: https://www.virustotal.com/gui/ip-address/47.91.79.68/relations

lockbit-blog.com
lockbit-decryptor.top

# Reference: https://github.com/thetanz/ransomwatch/blob/main/docs/INDEX.md
# Reference: https://www.virustotal.com/gui/ip-address/37.75.37.31/relations

lockbitapt.uz
lockbitsupp.uz
lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
oyarbnujct53bizjguvolxou3rmuda2vr72osyexngbdkhqebwrzsnad.onion
yq43odyrmzqvyezdindg2tokgogf3pn6bcdtvgczpz5a74tdxjbtk2yd.onion
zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

# Reference: https://www.ic3.gov/Media/News/2022/220204.pdf (# Lockbit 2.0)

http://139.60.160.200
http://168.100.11.72
http://174.138.62.35
http://185.182.193.120
http://185.215.113.39
http://193.162.143.218
http://193.38.235.234
http://45.227.255.190
http://88.80.147.102
http://93.190.139.223
http://93.190.143.101

# Reference: https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
# Reference: https://otx.alienvault.com/pulse/612606e65f3918cb8354bcd9/

bigblog.at
decoding.at

# Reference: https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/
# Reference: https://otx.alienvault.com/pulse/626bc047f1a3ebc6be0a2856

45.32.108.54:443

# Reference: https://twitter.com/malwrhunterteam/status/1521942395679608834
# Reference: https://www.virustotal.com/gui/file/7cc0c4d1f3bc3c5e486077bd69c1aeedba27a085c5e6f67d7309f2aa79a0e5b9/detection

lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion

# Reference: https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/
# Reference: https://otx.alienvault.com/pulse/62da7bf8750a63befc1fdc10

lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion
lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion
lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion
lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion
lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion
lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion
lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion
lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion
lockbit7z2mmiz3ryxafn5kapbvbbiywsxwovasfkgf5dqqp5kxlajad.onion
lockbit7z2og4jlsmdy7dzty3g42eu3gh2sx2b6ywtvhrjtss7li4fyd.onion
lockbit7z355oalq4hiy5p7de64l6rsqutwlvydqje56uvevcc57r6qd.onion
lockbit7z36ynytxwjzuoao46ck7b3753gpedary3qvuizn3iczhe4id.onion
lockbit7z37ntefjdbjextn6tmdkry4j546ejnru5cejeguitiopvhad.onion
lockbit7z3azdoxdpqxzliszutufbc2fldagztdu47xyucp25p4xtqad.onion
lockbit7z3ddvg5vuez2vznt73ljqgwx5tnuqaa2ye7lns742yiv2zyd.onion
lockbit7z3hv7ev5knxbrhsvv2mmu2rddwqizdz4vwfvxt5izrq6zqqd.onion
lockbit7z3ujnkhxwahhjduh5me2updvzxewhhc5qvk2snxezoi5drad.onion
lockbit7z4bsm63m3dagp5xglyacr4z4bwytkvkkwtn6enmuo5fi5iyd.onion
lockbit7z4cgxvictidwfxpuiov4scdw34nxotmbdjyxpkvkg34mykyd.onion
lockbit7z4k5zer5fbqi2vdq5sx2vuggatwyqvoodrkhubxftyrvncid.onion
lockbit7z4ndl6thsct34yd47jrzdkpnfg3acfvpacuccb45pnars2ad.onion
lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion
lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion
lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion
lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion
lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion
lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion
lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion
lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion

# Reference: https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/
# Reference: https://otx.alienvault.com/pulse/62e3bd0e3cb19a3fe6ea6e03
# Reference: https://www.virustotal.com/gui/file/5fa490668a9963e97d956f9a3b0c746b1d16eee9a73dfba875c9a3dc0e2c0d1b/detection
# Reference: https://www.virustotal.com/gui/file/5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4/detection

139.180.184.147:45532
openjdklab.xyz
info.openjdklab.xyz

# Reference: https://asec.ahnlab.com/en/39242/
# Reference: https://otx.alienvault.com/pulse/633dcf3971af0a0dae3243b7

ppaauuaa11232.cc

# Reference: https://twitter.com/DmitriyMelikov/status/1602239777029476354
# Reference: https://www.virustotal.com/gui/file/3b55624bf812c25712465543d5c0d687f523d3a93f6879817cef93dffef20888/detection
# Reference: https://www.virustotal.com/gui/file/e6ab1b1a253a608785f765d5961694215b39e58ca29e70c5cb3c1ba7a0a1100b/detection

http://195.201.101.146
/12341rgergg435g4tr.exe
/o19wzg.dotm

# Reference: https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel
# Reference: https://otx.alienvault.com/pulse/63ee2eedd11d67c4a0381cb1

iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad.onion

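# Reference: https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign
# Reference: https://otx.alienvault.com/pulse/6401fd791fe902ee4ade8711
# NOTE(review): the first .onion entry in this group contains the digit 1, which is outside the base32 alphabet (a-z, 2-7) used by onion addresses; likely a transcription error, verify against the references.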

lockbit3hc6syym13ki2ag5jskr6q5qa3spspjpmtfhh6fufut737zid.onion
lockbit3jx6je7tm6hhm6zzafgy6hpil3ur6jmc2a4ugan7xzztv6oqd.onion
lockbitdvbpfczc3yrs37kpp6avnrgr7yygi2f45qxvef2yqi36lpxyd.onion
lockbitov3afmxgknfhk2o5d4uqrhygd7ty3xqm56qd6zjlu6u43pgyd.onion
poliovocalist.com

# Reference: https://twitter.com/ViriBack/status/1688196757908324352
# Reference: https://app.any.run/tasks/f8631874-112f-4814-b254-8aeede48c829/

23.92.208.51:8080

# Reference: https://twitter.com/AlvieriD/status/1709558046169477536

lockbitnotexk2vnf2q2zwjefslhjsnk4u74vq4chxrqpjclfydk4ad.onion

# Reference: https://twitter.com/seguridadyredes/status/1717220865522245837

http://104.237.255.254
http://167.172.239.68
http://185.202.2.121
http://51.15.18.180
http://51.89.134.150
http://52.237.96.13
http://54.38.212.197
http://62.76.112.121
http://82.102.20.219
http://82.202.247.81
tinneatonenessnabobical.com

# Reference: https://twitter.com/MaxRogers5/status/1727115513468469715
# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
# Reference: https://otx.alienvault.com/pulse/655de81a14bc690453688560

http://62.233.50.25
http://81.19.135.219
81.19.135.219:443
adobe-us-updatefiles.digital
unattended.techninline.net

# Reference: https://twitter.com/noexceptcpp/status/1734309296245026843

http://142.171.8.34
http://173.82.106.20
/LockBit30.7z
/LockBit3Builder.7z

# Reference: https://twitter.com/banthisguy9349/status/1735226147154112676

http://142.171.8.34
/LockBit-Black-Builder

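# Reference: https://twitter.com/malwrhunterteam/status/1737977329782059408
# Reference: https://www.virustotal.com/gui/file/33af82d0be509833db69893a043da367d7dae216f6b61d96e542ca4546805d7a/detection
# NOTE(review): the entry below is not a well-formed onion hostname (it contains the digits 0, 1, 8 and 9 and is longer than a 56-character v3 address); it is presumably a string taken verbatim from the sample, so it is unlikely to match resolvable traffic.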

lockbitapt280e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.onion

# Reference: https://25491742.fs1.hubspotusercontent-eu1.net/hubfs/25491742/WAZAWAKA_TLPCLEAR_Report.pdf
# Reference: https://www.virustotal.com/gui/file/a7097aa81d7ded0ba011e056f16b50549801bf4001ad11f20e071b05e7172fac/detection
# Reference: https://www.virustotal.com/gui/file/855720fe77e8a762c59c77a5067ae8c6a6ad12e658073776529e8404ba16f5dd/detection
# Reference: https://www.virustotal.com/gui/file/2459b0ee1091a6e4232da6ae7fe587d81dd24e521f7fd1fc8c2a89c40f78740e/detection
# Reference: https://www.virustotal.com/gui/file/0161731f8500ac724469b01a5f8f2695279cbf05bcad4b3586b090e6a89fdc87/detection

81.17.29.165:443

# Reference: https://twitter.com/DmitriyMelikov/status/1740472757236998293
# Reference: https://www.virustotal.com/gui/file/f7729a917edefcaabe7545738fb1097ba83e99829dd7a4dc1b1c609da725a0b1/detection

neverlandserver.nn.pe
lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly
lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly
lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion.ly
lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion.ly
lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

# Reference: https://twitter.com/RakeshKrish12/status/1740634433873743965
# Reference: https://www.virustotal.com/gui/ip-address/77.222.57.185/relations

help8888.top

# Reference: https://twitter.com/doc_guard/status/1740748988897243421
# Reference: https://app.docguard.io/957baea98c48a7e8f620b6ad869113eacbc4f14c73e03bf5f9dbc75881e22aed/results/dashboard
# Reference: https://www.virustotal.com/gui/file/957baea98c48a7e8f620b6ad869113eacbc4f14c73e03bf5f9dbc75881e22aed/detection

viviendas8.com

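# Reference: https://twitter.com/RakeshKrish12/status/1758029854170329127
# Reference: https://twitter.com/Intel_Ops_io/status/1758113329472520497
# Reference: https://urlscan.io/result/07e695eb-629a-4178-bc93-efbbdbe0fd05/
# NOTE(review): the twitter3e4...onion entry in this group appears to be Twitter's own onion service rather than LockBit infrastructure; confirm against the references, since alerts on it would be attributed to this family (false-positive risk).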

http://165.227.85.87
http://5.182.5.126
dispossessor.com
radar.ltd
twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion

# Reference: https://www.virustotal.com/gui/file/bfa1a2bd23754277ee1f31e80c92d9c5309f150083451bfc33bbeb604adec8f6/detection

lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
lockbitccip4ykyd.onion

# Reference: https://app.validin.com/detail?type=raw&find=LockBit+BLOG#tab=host_pairs

http://188.119.67.179
http://193.37.69.163
http://31.41.44.160
http://5.188.88.239
nampakdata.org

# Reference: https://x.com/AlvieriD/status/1805074447130636320

ofj3oaltwaf67qtd7oafk5r44upm6wkc2jurpsdyih2c7mbrbshuwayd.onion

# Reference: https://x.com/DarkWebInformer/status/1805701492139073841

lockbit33chewwx25efq6dgkhkw4u7nefudq4ijkuamjfd7x73on6dyd.onion

# Reference: https://x.com/AlvieriD/status/1812796871649219056

lockbitw2ygzasbt35ffpdb46r4vkej6flm3siyabaxzdodwpiatfgqd.onion

# Reference: https://x.com/RakeshKrish12/status/1813098856143593684

lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
lockbitm7sccjc7254x3lpunyobnaiw2gnkptev2ygipifguf3r7spyd.onion
lockbitw5gfwjv23v5ytupbpdnc2ei5nqyhnnpoyme2ohqs6tc7jehad.onion

# Reference: https://x.com/RakeshKrish12/status/1813098858802737636

lockbit23xxhej7swdop24cru7ks2w66pw7zgdkydqo6f7wfyfqo7oqd.onion
lockbit7ixelt7gn3ynrs3dgqtsom6x6sd2ope4di7bu6e6exyhazeyd.onion
lockbitck6escin3p33v3f5uef3mr5fx335oyqon2uqoyxuraieuhiqd.onion
lockbitfhzimjqx2v7p2vfu57fpdm5zh2vsbfk5jkjod3k5pszbek7ad.onion
lockbiti7ss2wzyizvyr2x46krnezl4xjeianvupnvazhbqtz32auqqd.onion
lockbitkwkmhfb2zr3ngduaa6sd6munslzkbtqhn5ifmwqml4sl7znad.onion
lockbitqfj7mmhrfa7lznj47ogknqanskj7hyk2vistn2ju5ufrhbpyd.onion

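# Reference: https://x.com/AlvieriD/status/1817127275671806170
# NOTE(review): one entry in this group contains a '|' character, which cannot occur in a hostname; it looks like a transcription error and is unlikely to match anything until corrected against the reference.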

lockbit3hdu7e4sv3ecg6mmqmeihjcizebcxic6t4eqwar6f2e7rxpad.onion
lockbit4r3ly63w22jhkg33emtqwxw436wkftosscvdal2prdlwzknyd.onion
lockbit7bb4b6n27feok2rc7ri75udaqkfppjvtkxlwh7qldygbopmad.onion
lockbit7xn7nqc5f5gfhv6qrf46xh65lscuzctwnmomthcigu2m3tad.onion
lockbitb63zs7f4rdjcsn2etkqaswurk6hh55sa2ojeilxcnwf6qbkqd.onion
lockbitbtdk33k75rsl6uhn6bewd5g6z3hp42z6vb2hfk54oja55h7id.onion
lockbitbvcwegcbou4fulv3iy3bpwh2do3y243w2riwbgcdp|3hd3uyd.onion
lockbitdzjxsgyacnmfte6nfgqfcyhedkduimi4tsajvrwi4ljbos7id.onion
lockbitehorki5kh6s3n27hi3serhzr7htlshfqyg5ex32dyr5efhfyd.onion
lockbitffcjqi2wpwhjgubkjihhc7seaujqgzscvwvdiftunl6hn5oyd.onion

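# Reference: https://x.com/AlvieriD/status/1818615301283680270
# NOTE(review): several entries in this group contain the digit 0, which is outside the base32 alphabet (a-z, 2-7) used by onion addresses, and some appear shorter than the 56 characters of a v3 address; probably transcribed from an image, so verify against the reference before relying on them for detection.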

lbb2llze7ab4rnq4jumsy4ihsqzpuysaofpz2e43f00cwmrzsokumqid.onion
lbb47q2f7nzeatj6mxppuk7bhnvwu23mf6pfuywxcz57dwnzl6z3ksqd.onion
lbb6ud2vyf23z4hw6fzskr5gru7eftbjfbd6yzra3hzuqqvjy63blqqd.onion
lbbchnkrhkjtltjunmqsbw32bbblsd5bd2pqywtt2bex4bjmosry2iqd.onion
lbbellr6aq4kuchzy44pmimszfd4di4fslez765ux4kse304lxcnpgid.onion
lbbfsazjqqwvtq2ckhm53kfmvsy7c6sdci3uy6qui4lv66aeef7hhpad.onion
lbbgv7wsi6bpguvjbu60mdgwzllomstvd065d02q7vw4er7aqrnmtad.onion
lbbjmbkvw3yurmnazwkbjsmuyvw5dd6y7hyxrus23y33qiqczclrnbyd.onion
lbbk5lfftmhhu2qtahhg4wpnxw4bmtzoy5mu7g4jwyfyeyq0e3vpl4yd.onion
lbbov7weoojwnqytnjqygmglkwtimsdvyw3xvoluksostz750fd6enqd.onion
lbbp0q6d2jglpw7dxarr60aakgnlxt5nmrza50jlufsuffuzexajsuyd.onion
lbbp2rsfcmg5durpwgs22wxrdngsa4wiwmc4xk6hgmuluy6bvbvvtlid.onion
lbbscnqexve2wg6acbfyohkzeijflpqmgijx5ksyvu4aljv27r2lgiid.onion
lbbux057hyskobn5xwtw26rk04wyvttory6k7pio2lv5adeopeezv6ad.onion
lbbvhambmcts4rpf2b65mrnqynhpn4hksq47i02wowscjtv3xmsypid.onion
lbbw60p2te2f323ltn2fgwl5tuscr3udoj3ik20bdtr5367skuh4cid.onion
lbbw7j6si6k2bzxd4tzvesoufjtr4pa6awqie63rmkpql7hmu6tqnqd.onion
lbbxv6nlojheut6th4nqwpabr4gtksmy7f4c52ubvvvumydpo4dmry.onion
lbbzlychkbilhjswshhuvk7zk4axdffy3nvel3zaqwnu02d4nlookeyd.onion
lbbzme4ctvcgzo5lq7jvcdy2v2cs6hrlgihsmylfddprzqptm6ywhhyd.onion

# Reference: https://x.com/arch1ehic0x/status/1832397429921989108
# Reference: https://www.virustotal.com/gui/file/d14a3a7f9d7a5eeecd1aa169d2954a1ec318efb91281d3bac4756174b41742d6/detection
# Reference: https://www.virustotal.com/gui/file/c38bbb635cfe79bb7c5d1ce8be0138c670663f1402c87c83a2bdb1f913c89a9d/detection
# Reference: https://www.virustotal.com/gui/file/5594af688574f12255e766e9be7e3e82d5295ad133b7a30465d3cc66ea78a57a/detection
# Reference: https://www.virustotal.com/gui/file/556c75aebff8ff9ceafeb223f15f64dda6db7457ba60495d743254ccfc94ecf3/detection
# Reference: https://www.virustotal.com/gui/file/3a10175e0093afb8d2a1ddffca7c95199352e31402b279f37fa9f735e154a0e2/detection

176.111.174.64:9999

# Reference: https://x.com/ShanHolo/status/1835258665453883727
# Reference: https://www.virustotal.com/gui/file/105912c9995a1d718c5442349d2cc4bb99426f75ff34554cdfd9a7272eeca398/detection

119.28.78.133:9001

# Reference: https://x.com/t43cr0wl3r/status/1807499156124311649
# Reference: https://app.validin.com/detail?find=Lockbit%203.0%20-%20Pay%20or%20die!%20&type=raw&ref_id=27a7927ffd9#tab=host_pairs_v2

http://5.78.121.251
static.251.121.78.5.clients.your-server.de
