📃Title: INDOHAXSEC – Emerging Indonesian Hacking Collective
📅Date: 2025-03-13
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- country="indonesia"
- producer="Arctic-Wolf"
- target-information="India"
- target-information="Israel"
- target-information="Malaysia"
- threat-actor="INDOHAXSEC-TEAM"
- mitre-attack-pattern=[]
MISP event uuid: 28430985-18eb-444f-bc75-8d174a1150bb
Indicators of Compromise (IoCs)
type,value,comment
url, https://t.me/INDOHAXSEC, ''
Full IoCs are available in Rectifyq’s MISP.