📃Title: LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXi systems
📅Date: 2026-02-12
Description

LockBit 5.0, the latest version of the notorious ransomware, has been released with support for Windows, Linux, and ESXi systems. This update brings improved defense evasion, faster encryption, and enhanced modularity. The Windows variant employs extensive anti-analysis techniques, while Linux and ESXi versions remain unpacked. All variants share a common encryption scheme using XChaCha20 and Curve25519. LockBit 5.0 demonstrates a focus on enterprise and infrastructure targets, including explicit support for Proxmox virtualization. The group’s data leak site reveals a primary focus on the U.S. business sector, with victims spanning various industries. LockBit’s infrastructure has shown connections to SmokeLoader, suggesting possible cooperation or infrastructure reuse among malware operators.

🔖MISP Galaxies:

  • target-information="United States"
  • ransomware="lockbit5"
  • malpedia="SmokeLoader"
  • target-information="Argentina"
  • target-information="Bolivia"
  • target-information="Brazil"
  • target-information="China"
  • target-information="Czech Republic"
  • target-information="Egypt"
  • target-information="Estonia"
  • target-information="France"
  • target-information="Germany"
  • target-information="India"
  • target-information="Ireland"
  • target-information="Italy"
  • target-information="Kuwait"
  • target-information="Malaysia"
  • target-information="Mexico"
  • target-information="Singapore"
  • target-information="South Africa"
  • target-information="Spain"
  • target-information="Thailand"
  • target-information="Turkey"
  • target-information="United Arab Emirates"
  • target-information="United Kingdom"
  • mitre-attack-pattern=['T1489', 'T1553.002', 'T1082', 'T1071', 'T1140', 'T1036', 'T1055', 'T1562.002', 'T1112', 'T1070.001', 'T1222', 'T1083', 'T1497', 'T1480', 'T1078', 'T1027', 'T1486', 'T1573', 'T1490']

MISP event uuid: db240f3d-7cc8-4a58-9b99-69e778ab7a5d

Indicators of Compromise (IoCs)

Full IOCs available in Rectifyq's MISP