Interlock ransomware evolving under the radar
WHITE Interlock AlienVault 2025-04-16 Modified: 2025-11-06
The Interlock ransomware group, active since September 2024, has shown adaptability and innovation in its tactics despite a relatively low victim count. They employ fake browser updates and the ClickFix technique for initial access, followed by a multi-stage attack chain involving PowerShell backdoors, credential stealers, and a custom Remote Access Trojan. The group targets various sectors across North America and Europe, conducting Big Game Hunting and double extortion campaigns. Interlock has been observed improving their tools, including evolving their PowerShell backdoor and modifying their ransom notes to emphasize legal repercussions. The group's focus on maintaining relevance while avoiding large-scale visibility suggests a strategic approach to their operations.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Interlock RAT, LummaStealer, BerserkStealer, Interlock ransomware
Indicators of Compromise (37 / 201 total)