📃Title: Emerging Ransomware Groups: AvosLocker, Hive, HelloKitty, LockBit 2.0
📅Date: 2021-08-24

Description

A look at some of the emerging ransomware groups that are currently affecting organizations and are likely to become more prevalent in the future, according to security firm Palo Alto Networks and its Unit 42 security unit.

🔖MISP Galaxies:

  • producer= Palo-Alto
  • target-information=“Romania”
  • target-information=“Austria”
  • target-information=“Italy”
  • target-information=“Germany”
  • target-information=“Switzerland”
  • target-information=“Brazil”
  • target-information=“Australia”
  • target-information=“Malaysia”
  • target-information=“Argentina”
  • target-information=“Mexico”
  • target-information=“Lebanon”
  • target-information=“Spain”
  • target-information=“Belgium”
  • target-information=“United States”
  • ransomware=“AvosLocker”
  • ransomware=“HelloKitty”
  • ransomware=“Hive”
  • ransomware=“LockBit”
  • mitre-attack-pattern=[‘T1090’, ‘T1021’, ‘T1115’, ‘T1027’, ‘T1110’, ‘T1003’, ‘T1490’, ‘T1471’]

MISP event uuid: 2959ad1b-1d10-4406-b3e7-92343e5097d0

Indicators of Compromise (IoCs)


Full IOCs available in Rectifyq’s MISP