TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base
Jan. 31, 2025, 10:39 a.m.
Description
Insikt Group has identified a complex infrastructure linked to the traffic distribution system TAG-124, which overlaps with several threat activity clusters and includes compromised WordPress sites and various servers. Multiple threat actors, including operators of Rhysida and Interlock ransomware, use TAG-124, reinforcing their connection through shared tactics and tools. Insikt Group anticipates that TAG-124 will continue to evolve and attract more users within the cybercriminal ecosystem.
Tags
Date
- Created: Jan. 31, 2025, 10:09 a.m.
- Published: Jan. 31, 2025, 10:09 a.m.
- Modified: Jan. 31, 2025, 10:39 a.m.
Indicators
- d738eef8756a03a516b02bbab0f1b06ea240efc151f00c05ec962d392cfddb93
- 97105ed172e5202bc219d99980ebbd01c3dfd7cd5f5ac29ca96c5a09caa8af67
- 9d508074a830473bf1dee096b02a25310fa7929510b880a5875d3c316617dd50
- ccdf82b45b2ee9173c27981c51958e44dee43131edfbce983b6a5c146479ac33
- 95b9c9bf8fa3874ad9e6204f408ce162cd4ae7a8253e69c3c493188cb9d1f4da
- 950f1f8d94010b636cb98be774970116d98908cd4c45fbb773e533560a4beea7
- 941fa9119eb1413fdd4f05333e285c49935280cc85f167fb31627012ef71a6b3
- 92d2488e401d24a4bfc1598d813bc53af5c225769efedf0c7e5e4083623f4486
- 8d911ef72bdb4ec5b99b7548c0c89ffc8639068834a5e2b684c9d78504550927
- 7f8e9d7c986cc45a78c0ad2f11f28d61a4b2dc948c62b10747991cb33ce0e241
- 7b8d4b1ab46f9ad4ef2fd97d526e936186503ecde745f5a9ab9f88397678bc96
- 7ea83cca00623a8fdb6c2d6268fa0d5c4e50dbb67ab190d188b8033d884e4b75
- 77dc705cecbc29089c8e9eea3335ba83de57a17ed99b0286b3d9301953a84eca
- 77bd80e2a7c56eb37a33c2a0518a27deb709068fdc66bd1e00b5d958a25c7ad8
- 7683d38c024d0f203b374a87b7d43cc38590d63adb8e5f24dff7526f5955b15a
- 700f1afeb67c105760a9086b0345cb477737ab62616fd83add3f7adf9016c5e5
- 67b5b54c85e7590d81a404d6c7ea7dd90d4bc773785c83b85bcce82cead60c37
- 57e9e1e3ebd78d4878d7bb69e9a2b0d0673245a87eb56cf861c7c548c4e7b457
- 6464cdbfddd98f3bf6301f2bf525ad3642fb18b434310ec731de08c79e933b3e
- 4fa213970fdef39d2506a1bd4f05a7ceee191d916b44b574022a768356951a23
- 43f4ca1c7474c0476a42d937dc4af01c8ccfc20331baa0465ac0f3408f52b2e2
- 46aac6bf94551c259b4963157e75073cb211310e2afab7a1c0eded8a175d0a28
- 42c1550b035353ae529e98304f89bf6065647833e582d08f0228185b493d0022
- 430fd4d18d22d0704db1c4a1037d8e1664bfc003c244650cb7538dbe7c3be63e
- 42d7135378ed8484a6a86a322ea427765f2e4ad37ee6449691b39314b5925a27
- 342b889d1d8c81b1ba27fe84dec2ca375ed04889a876850c48d2b3579fbac206
- 2da62d1841a6763f279c481e420047a108da21cd5e16eae31661e6fd5d1b25d7
- 28c49af7c95ab41989409d2c7f98e8f8053e5ca5f7a02b2a11ad4374085ec6ff
- 22dc96b3b8ee42096c66ab08e255adce45e5e09a284cbe40d64e83e812d1b910
- 183c57d9af82964bfbb06fbb0690140d3f367d46d870e290e2583659609b19f2
- 64.95.12.98
- 64.95.12.38
- 64.95.11.184
- 64.94.85.98
- 64.94.85.248
- 64.190.113.41
- 64.7.198.66
- 64.190.113.111
- 193.149.176.223
- 216.245.184.210
- 162.33.178.63
- 162.33.178.113
- 162.33.178.59
- 162.33.177.82
- 146.70.41.191
- 162.33.177.36
- 64.95.11.65
- 193.149.176.179
- 216.245.184.225
- 162.33.178.75
- winworld.es
- true-blood.net
- saighbuzu32uvv.top
- robnzuwubz.top
- riuzvi4tc.top
- rifiziec.top
- pretoria24.top
- mysamsung7.shop
- nvidias.shop
- mobileyas.shop
- micronsoftwares.com
- mgjabikgjhhambm.top
- melmejkjaakiakn.top
- mcajijknegnbbga.top
- kjalcimbfaaddff.top
- khcjgjmfjgdleag.top
- kffgkjmjangegkg.top
- imfiejalbhhgijl.top
- ikjfjkkagafbdke.top
- ikhgijabfnkajem.top
- iadkainhkafngnk.top
- gubyzywey6b.top
- gnmdjjckbgddaie.top
- getazurecommand.icu
- get-iwrreq.top
- get-azurecommand.icu
- gbkffjcglabkmne.top
- gdihcicdghmcldd.top
- futnbuzj3nh.top
- fpziviec.top
- faybzuy3byz2v.top
- expressbuycomputers.shop
- ejlhaidjmhcmami.top
- ehnediemcaffbij.top
- eebchjechginddk.top
- dating2go.store
- cryptotap.site
- cryptoslate.cc
- cmcuauec.top
- cmcebigeiajbfcb.top
- cljhkcjfimibhci.top
- ckebfjgimhmjgmb.top
- cignjjgmdnbchhc.top
- bkkeiekjfcdaaen.top
- azuregetrequest.icu
- azurearc-cdn.top
- azure-getrequest.icu
- anjmhjidinfmlci.top
- adednihknaalilg.top
- amdradeon.shop
- abhbdiiaehdejgh.top
- 527newagain.top
Attack Patterns
- MintsLoader
- CleanUpLoader
- PyInstaller
- Remcos - S0332
- TAG-124
- T1608.004
- T1584.001
- T1583.001
- T1587.001
- T1583.004
- T1583.003