📃Title: INDOHAXSEC – Emerging Indonesian Hacking Collective
📅Date: 2025-03-13
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • country=“indonesia”
  • producer Arctic-Wolf
  • target-information=“India”
  • target-information=“Israel”
  • target-information=“Malaysia”
  • threat-actor INDOHAXSEC-TEAM
  • mitre-attack-pattern=[]

MISP event uuid: 28430985-18eb-444f-bc75-8d174a1150bb

Indicators of Compromise (IoCs)

type,value,comment
url, https://t.me/INDOHAXSEC, ''

Full IOCs available in Rectifyq's MISP