Tidal Cyber Blog

Community Content Release: LockBit Tools & TTPs

Written by Scott Small | Aug 22, 2023 2:03:15 PM

We recently began publishing Tidal Cyber-authored Objects in our free Community Edition! Curated Objects support research pivoting and easier surfacing of timely threat & TTP intelligence content. If you missed the original announcement, read more about this exciting new feature here, and find summaries of each recent release on our blog.

LockBit is without debate one of the top ransomware threats in the cyber landscape. As just one measure of the gang’s dominance, LockBit actors have claimed more victims since last summer than any other extortion operation over the same time period (by a wide margin—nearly three times as much as the next highest group).

LockBit operators and their affiliates use a wide variety of tools & TTPs—researchers have observed more than 70 discrete Techniques and nearly 40 free & open-source tools and legitimate binaries during LockBit intrusions, making defense a constantly moving target.

However, despite LockBit’s prominence, defenders have lacked a central place to track and operationalize current intelligence around LockBit tools & TTPs—until now! The latest content added to our Community Edition is entirely dedicated to LockBit, and the complete list of new & updated threat objects in this release can be found below:

August 22, 2023 Content Updates

26 new Objects, 15 updated Objects, 174 new Object & Technique Relationships

New Objects

Groups

Software

Updated Objects

Software