SQL LockBit panel

[05xmac]

This dump appears to be the backend database from LockBit's blog/negotiation panel. After parsing it fully, here's what stood out:

246 victim portals
819 SegWit BTC ransom wallets
617 RSA public keys
1 affiliate (ID 25) behind everything

Every ransom demand, chat transcript, build config, and wallet ties back to affiliate ID 25. This looks like a solo op or a private sandbox instance—not the full LockBit cartel infrastructure.

Credentials on the panel? Stored as unsalted SHA-1 hashes. That’s 1998-grade password hygiene.

If any panel user reused their creds across infra, they’re already compromised.

GitHub - WellKnitTech/LockBitPanelDB: Repo of the SQL database from the LockBit panel being hacked.

Repo of the SQL database from the LockBit panel being hacked. - WellKnitTech/LockBitPanelDB

github.com

 

[Dread Pirate Roberts]

зеркало: https://xss.pro/threads/137289/post-974458

 

[wrong_answerHere]

Interestingly, the panel database also contains some payload.

 

[blackhat1717]

База данных Lockbite 4.0 2025 Fulldata
Включая почти 60 000 адресов Bitcoin, пользователей и более 4000 чатов с организациями-жертвами с 19 декабря 2024 года по 29 апреля 2025 года.

7.13 MB file on MEGA

mega.nz

https://gofile.io/d/e90a13a3-a468-4f76-a0d4-7ccb41a02f3d

 

[meateater]

"This content is not publicly accessible"

 

[dexter3]

повторите, пожалуйста

 

[seven1up]

meateater dexter3

https://gofile.io/d/uYLRyJ

https://send.exploit.in/download/a92188322ea2e000/#Sjr4PmybqbAKCWogTFd3ew