3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Rostislav Panev

Rostislav Panev

ID: d28b94a961d1d4733d0fdeb9d1774fce
Cybercrime Cybercriminal
Threat types: Ransomware, RaaS
Russia
Updated: 2026-03-05
Created: 2026-03-04
Progress: 67% Completeness: 66% Freshness: 70%
Operation zone:
Aliases Limited alias preview
Panev
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium-high
Actor Techniques page ATT&CK® Diagram

Rostislav Panev is publicly charged as a developer of the LockBit ransomware group. His profile represents a platform/core enablement role in a RaaS ecosystem, supporting capability that affiliates deploy. Official reporting covers arrest in Israel (Aug 2024), charging (Dec 2024), and extradition to the U.S. (Mar 2025). Mapping below emphasizes platform-enabled behaviors and extortion lifecycle rather than single-incident execution details.


Technique Technique name Tactics Evidence
T1587.001 Malware TA0042
  • 2024-12-20 — Developer role implies contribution to ransomware tooling as part of the LockBit operation (platform capability enabling affiliates). · ref
T1486 Data Encrypted for Impact TA0040
  • 2024-12-20 — LockBit ransomware capability is the core impact mechanism affiliates deploy; developer role supports payload evolution and execution at scale. · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2024-12-20 — Double-extortion model discussed in LockBit ecosystem context implies data exfiltration prior to publication; execution is affiliate/campaign dependent. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2024-12-20 — Publication pressure and leak-site dynamics are part of the LockBit extortion model; infrastructure is time-bounded and evolves. · ref
T1654 Log Enumeration TA0007
  • 2024-12-20 — Extortion and ransom-demand communications are inherent to LockBit RaaS operations; developer role enables platform consistency. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-06T00:38:39+00:00

Rostislav Panev (LockBit developer) — Individual defendant — LockBit developer (platform/core enablement role)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Rostislav Panev (LockBit developer)

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Rostislav Panev (LockBit platform context)

Scope: Although Panev is described as a developer, defenders need detection for the LockBit ecosystem behaviors the platform enables. This playbook focuses on the most durable, cross-affiliate mid-chain signals.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-06T00:40:40+00:00

IOC Appendix — Rostislav Panev (LockBit developer context)

Classification: Unclassified / OSINT — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-06T00:41:07+00:00

OSINT Library — Rostislav Panev (LockBit developer)


2025-03-13 — U.S. Attorney’s Office (D.N.J.) — “Dual Russian and Israeli National Extradited to the United States for His Role as a Developer…”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.