Iron Cybercrime Group Under The Scope
AlienVault pulse (TLP:WHITE), created 2018-05-29, modified 2018-05-29, 168 IOCs
In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam's leaked RCS source code. We discovered that this backdoor was developed by the Iron cybercrime group, the same group behind the Iron ransomware (a rip-off of the Maktub ransomware, recently discovered by Bart Parys), which we believe has been active for the past 18 months.
Indicators of Compromise (49 / 168 total)