Indicator_type,Data,Note Description,IoCs related to Lockbit 3.0 ransomware,https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling sha256,0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509,Troj/Lockbit-F sha256,168ab5ce440d53ca7397cf3da86d68a67264c6bb0e3f6c8f2066132d6d129bdd,c:\logs\lbb_rundll32_pass.dll. This file was not retrieved from the target and is not available on VT sha256,18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566,c:\users\\downloads\netscan\netscan.exe : sha256,2308cef810b30ccb5be11fc664ce51b41bb6cee703f09d0a348771cf11f4dc9e,c:\users\\desktop\avremover_nt64_enu.exe : sha256,307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59,c:\users\\desktop\backstab64.exe : sha256,33987ca88cf48f7f9cfd46610f2c46e104f7c13f0285b5c6c2dca2c6290d9df5,Mal/FakeAV-JC sha256,35f971f9f84af8f4a42c97d6258c251e213f99741c1cfadfabbd5f1204e5658e,Mal/FakeAV-JC sha256,372d6d866798495d12b0ce745038fa2da575f22c30b061b948804cfdd8d11224,ML/PE-A + W32/Neshta-D (Gmer infected with Neshta) sha256,391a97a2fe6beb675fe350eb3ca0bc3a995fda43d02a7a6046cd48f042052de5,Troj/Lockbit-F sha256,39c363d01fb5cd0ed3eeb17ca47be0280d93a07dda9bc0236a0f11b20ed95b4c,Mal/FakeAV-JC sha256,4f61f20fa1edfd0ce1de2ca8110c725c9d9c16a9680748c12042a3302054fc72,GMER sha256,5043e94612cc5111c07f30968e7bc78e96e277f55262064207a9cd87bc23a343,Troj/Lockbit-F sha256,506f3b12853375a1fbbf85c82ddf13341cf941c5acd4a39a51d6addf145a7a51,c:\users\\downloads\lbb_pass.exe : Lockbit executable sha256,7d58338f7e5b4b77459835a2e057a07f81f72991a0e282d079fd5e227f68b5de,ardrv.sys sha256,80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce,Troj/Lockbit-F sha256,8834c84cfd7e086f74a2ffa5b14ced2c039d78feda4bad610aba1c6bb4a6ce7f,c:\users\\downloads\netscan\sd.exe : (creates snapshot of the filesystem) sha256,90235e199dcb2cd6fa2e68fbfc46f1aa649f2438210fd833b8e7e748b6428ba4,Troj/Lockbit-F sha256,986a88c4053d398624c7736a5f60d2561760b7a532677fc251c8c3dac8f3f60e,OPSWAT OESIS V4 Removal Module (https://www.opswat.com/products/oesis-framework) sha256,9a34909703d679b590d316eb403e12e26f73c8e479812f1d346dcba47b44bc6e,Mal/FakeAV-JC sha256,a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e,Troj/Lockbit-F sha256,c6861032317562532c21e373b88efacdc1307c8a3efce8c8992584171157ebed,Troj/Lockbit-F sha256,c6cf5fd8f71abaf5645b8423f404183b3dea180b69080f53b9678500bab6f0de,Troj/Lockbit-F sha256,d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee,Troj/Lockbit-F sha256,e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173,GMER sha256,f4ab473dcb45beb8cb01ad616422c05a45134c6b028f310f06543e2c33584cef,Troj/Lockbit-F sha256,fd98e75b65d992e0ccc64e512e4e3e78cb2e08ed28de755c2b192e0b7652c80a,Troj/Lockbit-F file_path_name,c:\logs\lbb_rundll32_pass.dll,168ab5ce440d53ca7397cf3da86d68a67264c6bb0e3f6c8f2066132d6d129bdd. This file was not retrieved from the target and is not available on VT file_path_name,c:\logs\lbb_ps1_obfuscated.ps1, file_path_name,c:\logs\lbb_ps1_pass.ps1, file_path_name,c:\logs\lbb_pass.exe,506f3b12853375a1fbbf85c82ddf13341cf941c5acd4a39a51d6addf145a7a51 file_path_name,c:\logs\avremover_nt64_enu.exe,2308cef810b30ccb5be11fc664ce51b41bb6cee703f09d0a348771cf11f4dc9e file_path_name,c:\logs\backstab_x64.exe, file_path_name,c:\logs\backstab_x86.exe, file_path_name,c:\logs\gmer3.exe, file_path_name,c:\logs\gmer2.exe, file_path_name,c:\logs\backstab64.exe,307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59 file_path_name,c:\logs\gomer.exe, file_path_name,c:\desktopcentral\lbb___.zip, file_path_name,c:\desktopcentral\psp.ps1, file_path_name,c:\desktopcentral\ps.ps1, file_path_name,c:\users\\downloads\gmer.exe, file_path_name,c:\users\\downloads\sophos-removal-tool-master.zip, file_path_name,c:\users\\downloads\sophoscentralremoval-master.zip, file_path_name,c:\users\\downloads\uninstallscript.ps1, file_path_name,c:\users\\downloads\netscan\zam.bat, file_path_name,c:\users\\downloads\netscan\uninstallsophos.bat, file_path_name,c:\users\\downloads\netscan\turnoff.bat, file_path_name,c:\users\\downloads\netscan\netscan.exe,18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566