{
  "name": "TAG-124\u2019s Multi-Layered TDS Infrastructure and Extensive User Base",
  "slug": "tag-124s-multi-layered-tds-infrastructure-and-extensive-user-base",
  "description": "Insikt Group has identified a complex infrastructure linked to the traffic distribution system (TDS) TAG-124, which overlaps with several threat activity clusters and includes compromised WordPress sites and various servers. Multiple threat actors, including operators of Rhysida and Interlock ransomware, use TAG-124; this shared use, together with shared tactics and tools, reinforces the connection between them. Insikt Group anticipates that TAG-124 will continue to evolve and attract more users within the cybercriminal ecosystem.",
  "published": "2025-01-31T09:09:56+00:00",
  "created_at": "2025-01-31T09:09:56+00:00",
  "modified_at": "2025-01-31T09:39:31+00:00",
  "created_at_opencti": "2025-01-31T09:09:56+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-01-31",
    "cleanuploader",
    "mintsloader",
    "remcos",
    "ta582",
    "tag-124"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "64.95.12.98"
      },
      {
        "id": "",
        "name": "64.95.12.38"
      },
      {
        "id": "",
        "name": "64.95.11.184"
      },
      {
        "id": "",
        "name": "64.94.85.98"
      },
      {
        "id": "",
        "name": "64.94.85.248"
      },
      {
        "id": "",
        "name": "64.190.113.41"
      },
      {
        "id": "",
        "name": "64.7.198.66"
      },
      {
        "id": "",
        "name": "64.190.113.111"
      },
      {
        "id": "",
        "name": "193.149.176.223"
      },
      {
        "id": "",
        "name": "216.245.184.210"
      },
      {
        "id": "",
        "name": "162.33.178.63"
      },
      {
        "id": "",
        "name": "162.33.178.113"
      },
      {
        "id": "",
        "name": "162.33.178.59"
      },
      {
        "id": "",
        "name": "162.33.177.82"
      },
      {
        "id": "",
        "name": "146.70.41.191"
      },
      {
        "id": "",
        "name": "162.33.177.36"
      },
      {
        "id": "",
        "name": "64.95.11.65"
      },
      {
        "id": "",
        "name": "193.149.176.179"
      },
      {
        "id": "",
        "name": "216.245.184.225"
      },
      {
        "id": "",
        "name": "162.33.178.75"
      },
      {
        "id": "",
        "name": "winworld.es"
      },
      {
        "id": "",
        "name": "true-blood.net"
      },
      {
        "id": "",
        "name": "saighbuzu32uvv.top"
      },
      {
        "id": "",
        "name": "robnzuwubz.top"
      },
      {
        "id": "",
        "name": "riuzvi4tc.top"
      },
      {
        "id": "",
        "name": "rifiziec.top"
      },
      {
        "id": "",
        "name": "pretoria24.top"
      },
      {
        "id": "",
        "name": "mysamsung7.shop"
      },
      {
        "id": "",
        "name": "nvidias.shop"
      },
      {
        "id": "",
        "name": "mobileyas.shop"
      },
      {
        "id": "",
        "name": "micronsoftwares.com"
      },
      {
        "id": "",
        "name": "mgjabikgjhhambm.top"
      },
      {
        "id": "",
        "name": "melmejkjaakiakn.top"
      },
      {
        "id": "",
        "name": "mcajijknegnbbga.top"
      },
      {
        "id": "",
        "name": "kjalcimbfaaddff.top"
      },
      {
        "id": "",
        "name": "khcjgjmfjgdleag.top"
      },
      {
        "id": "",
        "name": "kffgkjmjangegkg.top"
      },
      {
        "id": "",
        "name": "imfiejalbhhgijl.top"
      },
      {
        "id": "",
        "name": "ikjfjkkagafbdke.top"
      },
      {
        "id": "",
        "name": "ikhgijabfnkajem.top"
      },
      {
        "id": "",
        "name": "iadkainhkafngnk.top"
      },
      {
        "id": "",
        "name": "gubyzywey6b.top"
      },
      {
        "id": "",
        "name": "gnmdjjckbgddaie.top"
      },
      {
        "id": "",
        "name": "getazurecommand.icu"
      },
      {
        "id": "",
        "name": "get-iwrreq.top"
      },
      {
        "id": "",
        "name": "get-azurecommand.icu"
      },
      {
        "id": "",
        "name": "gbkffjcglabkmne.top"
      },
      {
        "id": "",
        "name": "gdihcicdghmcldd.top"
      },
      {
        "id": "",
        "name": "futnbuzj3nh.top"
      },
      {
        "id": "",
        "name": "fpziviec.top"
      },
      {
        "id": "",
        "name": "faybzuy3byz2v.top"
      },
      {
        "id": "",
        "name": "expressbuycomputers.shop"
      },
      {
        "id": "",
        "name": "ejlhaidjmhcmami.top"
      },
      {
        "id": "",
        "name": "ehnediemcaffbij.top"
      },
      {
        "id": "",
        "name": "eebchjechginddk.top"
      },
      {
        "id": "",
        "name": "dating2go.store"
      },
      {
        "id": "",
        "name": "cryptotap.site"
      },
      {
        "id": "",
        "name": "cryptoslate.cc"
      },
      {
        "id": "",
        "name": "cmcuauec.top"
      },
      {
        "id": "",
        "name": "cmcebigeiajbfcb.top"
      },
      {
        "id": "",
        "name": "cljhkcjfimibhci.top"
      },
      {
        "id": "",
        "name": "ckebfjgimhmjgmb.top"
      },
      {
        "id": "",
        "name": "cignjjgmdnbchhc.top"
      },
      {
        "id": "",
        "name": "bkkeiekjfcdaaen.top"
      },
      {
        "id": "",
        "name": "azuregetrequest.icu"
      },
      {
        "id": "",
        "name": "azurearc-cdn.top"
      },
      {
        "id": "",
        "name": "azure-getrequest.icu"
      },
      {
        "id": "",
        "name": "anjmhjidinfmlci.top"
      },
      {
        "id": "",
        "name": "adednihknaalilg.top"
      },
      {
        "id": "",
        "name": "amdradeon.shop"
      },
      {
        "id": "",
        "name": "abhbdiiaehdejgh.top"
      },
      {
        "id": "",
        "name": "527newagain.top"
      },
      {
        "id": "",
        "name": "d738eef8756a03a516b02bbab0f1b06ea240efc151f00c05ec962d392cfddb93"
      },
      {
        "id": "",
        "name": "97105ed172e5202bc219d99980ebbd01c3dfd7cd5f5ac29ca96c5a09caa8af67"
      },
      {
        "id": "",
        "name": "9d508074a830473bf1dee096b02a25310fa7929510b880a5875d3c316617dd50"
      },
      {
        "id": "",
        "name": "ccdf82b45b2ee9173c27981c51958e44dee43131edfbce983b6a5c146479ac33"
      },
      {
        "id": "",
        "name": "95b9c9bf8fa3874ad9e6204f408ce162cd4ae7a8253e69c3c493188cb9d1f4da"
      },
      {
        "id": "",
        "name": "950f1f8d94010b636cb98be774970116d98908cd4c45fbb773e533560a4beea7"
      },
      {
        "id": "",
        "name": "941fa9119eb1413fdd4f05333e285c49935280cc85f167fb31627012ef71a6b3"
      },
      {
        "id": "",
        "name": "92d2488e401d24a4bfc1598d813bc53af5c225769efedf0c7e5e4083623f4486"
      },
      {
        "id": "",
        "name": "8d911ef72bdb4ec5b99b7548c0c89ffc8639068834a5e2b684c9d78504550927"
      },
      {
        "id": "",
        "name": "7f8e9d7c986cc45a78c0ad2f11f28d61a4b2dc948c62b10747991cb33ce0e241"
      },
      {
        "id": "",
        "name": "7b8d4b1ab46f9ad4ef2fd97d526e936186503ecde745f5a9ab9f88397678bc96"
      },
      {
        "id": "",
        "name": "7ea83cca00623a8fdb6c2d6268fa0d5c4e50dbb67ab190d188b8033d884e4b75"
      },
      {
        "id": "",
        "name": "77dc705cecbc29089c8e9eea3335ba83de57a17ed99b0286b3d9301953a84eca"
      },
      {
        "id": "",
        "name": "77bd80e2a7c56eb37a33c2a0518a27deb709068fdc66bd1e00b5d958a25c7ad8"
      },
      {
        "id": "",
        "name": "7683d38c024d0f203b374a87b7d43cc38590d63adb8e5f24dff7526f5955b15a"
      },
      {
        "id": "",
        "name": "700f1afeb67c105760a9086b0345cb477737ab62616fd83add3f7adf9016c5e5"
      },
      {
        "id": "",
        "name": "67b5b54c85e7590d81a404d6c7ea7dd90d4bc773785c83b85bcce82cead60c37"
      },
      {
        "id": "",
        "name": "57e9e1e3ebd78d4878d7bb69e9a2b0d0673245a87eb56cf861c7c548c4e7b457"
      },
      {
        "id": "",
        "name": "6464cdbfddd98f3bf6301f2bf525ad3642fb18b434310ec731de08c79e933b3e"
      },
      {
        "id": "",
        "name": "4fa213970fdef39d2506a1bd4f05a7ceee191d916b44b574022a768356951a23"
      },
      {
        "id": "",
        "name": "43f4ca1c7474c0476a42d937dc4af01c8ccfc20331baa0465ac0f3408f52b2e2"
      },
      {
        "id": "",
        "name": "46aac6bf94551c259b4963157e75073cb211310e2afab7a1c0eded8a175d0a28"
      },
      {
        "id": "",
        "name": "42c1550b035353ae529e98304f89bf6065647833e582d08f0228185b493d0022"
      },
      {
        "id": "",
        "name": "430fd4d18d22d0704db1c4a1037d8e1664bfc003c244650cb7538dbe7c3be63e"
      },
      {
        "id": "",
        "name": "42d7135378ed8484a6a86a322ea427765f2e4ad37ee6449691b39314b5925a27"
      },
      {
        "id": "",
        "name": "342b889d1d8c81b1ba27fe84dec2ca375ed04889a876850c48d2b3579fbac206"
      },
      {
        "id": "",
        "name": "2da62d1841a6763f279c481e420047a108da21cd5e16eae31661e6fd5d1b25d7"
      },
      {
        "id": "",
        "name": "28c49af7c95ab41989409d2c7f98e8f8053e5ca5f7a02b2a11ad4374085ec6ff"
      },
      {
        "id": "",
        "name": "22dc96b3b8ee42096c66ab08e255adce45e5e09a284cbe40d64e83e812d1b910"
      },
      {
        "id": "",
        "name": "183c57d9af82964bfbb06fbb0690140d3f367d46d870e290e2583659609b19f2"
      }
    ],
    "malware": [
      {
        "id": "038e063c-cead-4de8-902e-d6fabcd78a08",
        "name": "MintsLoader",
        "slug": "mintsloader"
      },
      {
        "id": "legacy:malware:3cd720878630dd5a",
        "name": "CleanUpLoader",
        "slug": "cleanuploader"
      },
      {
        "id": "legacy:malware:a75cd902b521bdce",
        "name": "PyInstaller",
        "slug": "pyinstaller"
      },
      {
        "id": "legacy:malware:b4151ca1cdc60ee8",
        "name": "Remcos - S0332",
        "slug": "remcos-s0332"
      }
    ],
    "intrusion_sets": [
      {
        "id": "66fab1e9-3b18-40e3-af75-d8930920014c",
        "name": "TAG-124",
        "slug": "tag-124"
      }
    ],
    "attack_patterns": [
      {
        "id": "30f6a233-a437-4146-987a-3e42ae12889a",
        "name": "T1608.004"
      },
      {
        "id": "21fd9920-9bc7-4ba5-8cdd-3022c0ef4e9d",
        "name": "T1584.001"
      },
      {
        "id": "d19f56ca-5ce8-4bd1-af90-7d83e394470c",
        "name": "T1583.001"
      },
      {
        "id": "3e7e47ba-d8ad-4aa8-a4fc-1167cec2e125",
        "name": "T1587.001"
      },
      {
        "id": "effdd452-1540-48f5-9fff-347c7526f6ba",
        "name": "T1583.004"
      },
      {
        "id": "320df345-a473-4f17-9588-6cd021c14bd3",
        "name": "T1583.003"
      }
    ]
  },
  "external_refs": [
    "https://www.recordedfuture.com/research/tag-124-multi-layered-tds-infrastructure-extensive-user-base",
    "https://otx.alienvault.com/pulse/679ca175bea14c5736a7310a"
  ]
}