IOC - From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure
Insikt Group has identified a new threat actor, TAG-150, active since at least March 2025, characterized by rapid development, technical sophistication, responsiveness to public reporting, and a large, evolving infrastructure. The infrastructure linked to TAG-150 includes both victim-facing Tier 1 components, such as IP addresses and domains used as command-and-control (C2) servers for multiple malware families, and higher-tier infrastructure composed of multiple layers. Since emerging in March 2025, TAG-150 has deployed multiple likely self-developed malware families, starting with CastleLoader and CastleBot, and most recently CastleRAT, a remote access trojan documented here for the first time. Additionally, Insikt Group has identified multiple services likely leveraged by TAG-150, including file-sharing platforms, anti-detection services, and others.
Indicators of Compromise (32 / 133 total)