Bivash Nayak
20 Nov

CyberDudeBivash Pvt Ltd
Threat Intelligence Report
LockBit 3.0 Variant – November 2025 Teardown
Author: Bivash Kumar Nayak
Date: 20 November 2025
Executive Summary
- Active LockBit 3.0 builder sample (November 2025 campaign)
- Heavy string encryption + RunPE in-memory execution
- New C2 infrastructure observed
- Double extortion with an updated ransom note
Technical Analysis
- Language: C++
- Encryption: AES-256-CBC + RSA-2048
- File marker: .LockBit
- Targets: 147 extensions, including .bak and .sql
- Anti-analysis: disables Windows Defender, deletes shadow copies
IOCs
- SHA256: 6f8e2a1c9d8f5e3a7b4c9d1e5f7a2b3c8d4e6f9a1b2c3d4e5f6a7b8c9d0e1f2 (as printed here this value is 63 hex characters rather than 64; check it against the full report before loading it into a blocklist)
- C2 IPs: 185.141.26.138 / 91.219.236.123
- Domains: securepayzone.live / restorefile.today
- YARA rule: full rule included in the report
Mitigation & Detection
- Block the listed IOCs
- Deploy the YARA rule
- Enable Protected Process Light (PPL) for lsass.exe
- Keep immutable backups
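As an added example (not code from the report or from CyberDudeBivash), the following script matches the C2 IPs, domains and the .LockBit file marker listed above against log lines; the log lines are constructed samples in a generic key=value syslog style, with placeholder hosts and paths, not real telemetry.

```python
"""Match the report's network IOCs and file marker against log lines."""
import re
from typing import Dict, List

# IOC values exactly as listed in the report summary above.
C2_IPS = {"185.141.26.138", "91.219.236.123"}
C2_DOMAINS = {"securepayzone.live", "restorefile.today"}
FILE_MARKER = ".LockBit"

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)
# Any non-space, non-'=' token ending in the marker; Windows paths are
# case-insensitive, so the marker is matched case-insensitively too.
MARKER_RE = re.compile(r"[^\s=]+" + re.escape(FILE_MARKER) + r"\b", re.IGNORECASE)

# Constructed sample log lines (assumed format; not real telemetry).
SAMPLE_LOGS = [
    "2025-11-20T10:01:02Z fw01 allow src=10.0.5.21 dst=185.141.26.138 dport=443",
    "2025-11-20T10:01:05Z dns01 query host=ws-17 name=RESTOREFILE.TODAY type=A",
    "2025-11-20T10:01:09Z fw01 allow src=10.0.5.22 dst=93.184.216.34 dport=443",
    "2025-11-20T10:02:11Z fs01 rename user=jdoe path=C:\\Shares\\q3.bak.LockBit",
    "2025-11-20T10:02:14Z dns01 query host=ws-18 name=securepayzone.live.example type=A",
]


def match_line(line: str) -> List[str]:
    """Return the IOC hits for one log line (empty list if clean)."""
    hits: List[str] = []
    for ip in IP_RE.findall(line):
        if ip in C2_IPS:
            hits.append(f"c2_ip:{ip}")
    for dom in DOMAIN_RE.findall(line):
        d = dom.lower()
        # Hit on the domain itself or a subdomain of it, but not on a
        # lookalike that merely starts with it (securepayzone.live.example).
        if d in C2_DOMAINS or any(d.endswith("." + c) for c in C2_DOMAINS):
            hits.append(f"c2_domain:{d}")
    for path in MARKER_RE.findall(line):
        hits.append(f"file_marker:{path}")
    return hits


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index -> hits for every line that matched at least one IOC."""
    return {i: h for i, line in enumerate(lines) if (h := match_line(line))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS).items():
        print(f"line {idx}: {', '.join(hits)}")
```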
References & Contact
- Full report: 28 pages with screenshots, disassembly and a Python IOC extractor script
- Private analysis available
- contact@cyberdudebivash.com
- https://cyberdudebivash.com
© 2025 CyberDudeBivash Pvt Ltd – All rights reserved