AhnLab Security Intelligence Center (ASEC) has identified that LockBit ransomware has been being distributed via Word files since last month. A notable point is that the LockBit ransomware is usually distributed by disguising itself as resumes, and recently found malicious Word files were also disguised as resumes. The distribution method of LockBit ransomware using external URLs in Word files was first found in 2022. As various malware other than LockBit ransomware is also being distributed under the guise of resumes, users are advised to be extra cautious.
Disclaimer: This article is part of X-Force OSINT Advisories’ automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.
Reference: https://asec.ahnlab.com/en/60633/
Sample Indicators of Compromise:
f2a9bc0e23f6ad044cb7c835826fa8fe16814dffbcaf12ccb579d5c59e151d166424cc2085165d8b5b7b06d5aaddca9a1b95af49b05953920dbfe8b042db928511a65e914f9bed73946f057f6e6aa347
