Phorpiex - Downloader Delivering Ransomware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The report analyzes the Phorpiex botnet's role in delivering LockBit Black Ransomware. It highlights the automated execution of ransomware through Phorpiex, minimal changes to the botnet's code since its source code sale in 2021, and direct deployment of LockBit without network expansion. The analysis covers the infection flow, phishing emails, and technical details of different Phorpiex variants. Key features include URL cache deletion, library obfuscation, indicator removal, and persistence mechanisms. The report also provides a comparative analysis of LockBit, GandCrab, and TWIZT downloader variants, along with IOCs and MITRE ATT&CK mapping.
OPENCTI LABELS:
phishing, ransomware, botnet, downloader, lockbit, phorpiex, gandcrab, twizt