3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Mikhail Vasiliev

Mikhail Vasiliev

ID: 88ff27f2acb71cc2057d85d862e98cd8
Cybercrime Cybercriminal
Threat types: Ransomware, RaaS
Russia
Updated: 2026-03-05
Created: 2026-03-04
Progress: 69% Completeness: 69% Freshness: 70%
Operation zone:
Aliases Limited alias preview
Digitalocean90 Digitalwaters99 Di************ F***
Gh******** Ne******** Va******
Showing 2 of 7 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium-high
Actor Techniques page ATT&CK® Diagram

Mikhail Vasiliev is publicly documented as a LockBit ransomware affiliate (executor) charged in 2022 and pleading guilty in 2024. Public case materials describe multi-year participation and multiple online aliases. As an affiliate, his activity aligns to an intrusion-to-encryption and double-extortion lifecycle, while initial access and tooling specifics remain campaign-dependent in curated public summaries.


Technique Technique name Tactics Evidence
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2024-07-18 — Affiliate operations are described as involving unlawful access to victim networks prior to deployment (specific method not exhaustively enumerated in the public summary). · ref
T1021.002 SMB/Windows Admin Shares TA0008
  • 2022-11-10 — INFERENCE (confidence: medium): affiliate deployment at scale typically relies on remote services and admin tooling to spread across networks; treat as a high-probability mid-chain behavior. · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2024-07-18 — Double extortion model implies data theft/exfiltration prior to publication; specific mechanisms vary by campaign. · ref
T1486 Data Encrypted for Impact TA0040
  • 2024-07-18 — Deployment of LockBit ransomware and encryption is explicitly described as part of affiliate operations. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2024-07-18 — Publication of stolen victim data on a publicly accessible site under LockBit control is described as the consequence when ransoms are not paid. · ref
T1654 Log Enumeration TA0007
  • 2022-11-10 — Ransom demand communications are inherent to the charged extortion activity; mechanism is part of the affiliate workflow. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-06T00:23:29+00:00

Mikhail Vasiliev — Individual defendant — LockBit affiliate (ransomware deployment + extortion)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Mikhail Vasiliev (LockBit affiliate)

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Mikhail Vasiliev (LockBit affiliate behavior)

Scope: Affiliate-driven ransomware behaviors. Focus on mid-chain telemetry because initial access vectors vary across campaigns and are not consistently enumerated in public case summaries.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-06T00:25:12+00:00

IOC Appendix — Mikhail Vasiliev (LockBit affiliate)

Classification: Unclassified / OSINT — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-06T00:25:34+00:00

OSINT Library — Mikhail Vasiliev (LockBit affiliate)


2022-11-10 — U.S. DOJ (OPA) — “Man Charged for Participation in LockBit Global Ransomware Campaign”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.