← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base
WHITE TAG-124 AlienVault 2025-01-31 Modified: 2025-03-02
96
IOCs
HIGH VOLUME
Insikt Group has identified a complex infrastructure linked to the traffic distribution system TAG-124, which overlaps with several threat activity clusters and includes compromised WordPress sites and various servers. Multiple threat actors, including operators of Rhysida and Interlock ransomware, use TAG-124, reinforcing their connection through shared tactics and tools. Insikt Group anticipates that TAG-124 will continue to evolve and attract more users within the cybercriminal ecosystem.
TAG-124MintsLoaderTA582CleanUpLoaderREMCOS
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
CleanUpLoader MintsLoader PyInstaller Remcos - S0332
Indicators of Compromise (7 / 96 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 13fd064b0795dfd75a9304243c2f0bd6 MD5 of 77dc705cecbc29089c8e9eea3335ba83de57a17ed99b0286b3d9301953a84eca 2025-01-31
FileHash-MD5 1d93573d0d4457c8933526cfe3c57120 MD5 of 92d2488e401d24a4bfc1598d813bc53af5c225769efedf0c7e5e4083623f4486 2025-01-31
FileHash-MD5 44cd8679a006933ba745e3b89bdbb8fa MD5 of 941fa9119eb1413fdd4f05333e285c49935280cc85f167fb31627012ef71a6b3 2025-01-31
FileHash-MD5 53ef19d7be0ba3e806e8dc558737725a MD5 of 2da62d1841a6763f279c481e420047a108da21cd5e16eae31661e6fd5d1b25d7 2025-01-31
FileHash-MD5 614cc21ab0f47b6006bebef6f6dfe19a MD5 of 43f4ca1c7474c0476a42d937dc4af01c8ccfc20331baa0465ac0f3408f52b2e2 2025-01-31
FileHash-MD5 b4311ca7f93f5bd2725d41a6e0d2631a MD5 of 430fd4d18d22d0704db1c4a1037d8e1664bfc003c244650cb7538dbe7c3be63e 2025-01-31
FileHash-MD5 c35d379eb011c6d6c31118eb66b24f60 MD5 of 342b889d1d8c81b1ba27fe84dec2ca375ed04889a876850c48d2b3579fbac206 2025-01-31
References (1)
↗ https://www.recordedfuture.com/research/tag-124-multi-layered-tds-infrastructure-extensive-user-base