The LockBit Linux/ESXi ransomware variant uses a combination of the Advanced Encryption Standard (AES) and elliptic curve cryptography (ECC) for file encryption. Because ESXi, VMware's hypervisor, is used to manage many servers at once, this variant can have a far larger impact on victim organizations than the previous version, which targeted Windows hosts.
LockBit YARA IOC
rule Linux_Lockbit_Jan2022 {
    meta:
        description = "Detects a Linux version of Lockbit ransomware"
        author = "TrendMicro Research"
        date = "2022-01-24"
        hash1 = "038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4"
    strings:
        $xor_string_1 = "LockBit Linux/ESXi locker V:" xor(0x01-0xff)
        $xor_string_2 = "LockBit 2.0 the world's fastest ransomware since 2019" xor(0x01-0xff)
        $xor_string_3 = "Tox ID LockBitSupp" xor(0x01-0xff)
    condition:
        uint16(0) == 0x457f and filesize < 300KB and
        filesize > 200KB and any of them
}
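To show what the rule above actually checks (the little-endian ELF magic, the 200-300 KB size window, and the single-byte XOR brute force that YARA's xor(0x01-0xff) modifier performs), here is an added Python re-implementation of its condition; it is not code from the original page or from Trend Micro, and the sample buffer it scans is constructed for the demonstration rather than taken from a real binary.

```python
# Plaintext markers from the YARA rule; the rule looks for each one
# encoded with every single-byte XOR key from 0x01 to 0xff.
LOCKBIT_STRINGS = [
    b"LockBit Linux/ESXi locker V:",
    b"LockBit 2.0 the world's fastest ransomware since 2019",
    b"Tox ID LockBitSupp",
]

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def find_xor_string(data: bytes, plain: bytes, keys=range(0x01, 0x100)):
    """Return (offset, key) of the first single-byte-XOR encoding of `plain`
    present in `data`, mirroring YARA's xor(0x01-0xff) modifier; None if absent."""
    for key in keys:
        off = data.find(xor_bytes(plain, key))
        if off != -1:
            return off, key
    return None

def is_elf(data: bytes) -> bool:
    # YARA's uint16(0) is little-endian: bytes 0x7f 'E' read as 0x457f.
    return len(data) >= 2 and int.from_bytes(data[:2], "little") == 0x457F

def matches_rule(data: bytes) -> dict:
    """Evaluate the rule's condition on an in-memory buffer and report why."""
    hits = {}
    for s in LOCKBIT_STRINGS:
        found = find_xor_string(data, s)
        if found:
            hits[s.decode()] = {"offset": found[0], "key": found[1]}
    size_ok = 200 * 1024 < len(data) < 300 * 1024   # YARA's KB is 1024 bytes
    return {"elf": is_elf(data), "size_ok": size_ok, "strings": hits,
            "match": is_elf(data) and size_ok and bool(hits)}

def build_constructed_sample(key: int = 0x5A) -> bytes:
    """Constructed buffer (NOT a real sample): ELF magic, ~250 KB of zero
    padding, and one XOR-encoded marker string placed at offset 4096."""
    buf = bytearray(b"\x7fELF" + b"\x00" * (250 * 1024 - 4))
    enc = xor_bytes(LOCKBIT_STRINGS[0], key)
    buf[4096:4096 + len(enc)] = enc
    return bytes(buf)

if __name__ == "__main__":
    print(matches_rule(build_constructed_sample()))
```

Note that the modifier range starts at 0x01, so a binary carrying the marker in plain (key 0x00) form would not be matched by this rule as written.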
LockBit 2.0 Linux ESXi Ransomware Signatures
Family: Trojan.Linux.GenericA.50716 (B)
MD5: b354eaf3061b4099aecac523eb5466a3
SHA256: 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
LockBit 2.0 Linux ESXi Ransomware Download