PULSE NAME
Interlock ransomware evolving under the radar
WHITE Interlock AlienVault 2025-04-16 Modified: 2025-11-06
201 IOCs (HIGH VOLUME)
The Interlock ransomware group, active since September 2024, has shown adaptability and innovation in its tactics despite a relatively low victim count. They employ fake browser updates and the ClickFix technique for initial access, followed by a multi-stage attack chain involving PowerShell backdoors, credential stealers, and a custom Remote Access Trojan. The group targets various sectors across North America and Europe, conducting Big Game Hunting and double extortion campaigns. Interlock has been observed improving their tools, including evolving their PowerShell backdoor and modifying their ransom notes to emphasize legal repercussions. The group's focus on maintaining relevance while avoiding large-scale visibility suggests a strategic approach to their operations.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Interlock RAT, LummaStealer, BerserkStealer, Interlock ransomware
Indicators of Compromise (32 / 201 total)