INDOHAXSEC Indonesian Hacking Collective | Arctic Wolf

INDOHAXSEC, a recently formed Indonesian hacktivist group, has conducted various cyberattacks, including DDoS and ransomware, against government entities and companies, motivated primarily by a political agenda rooted in pro-Palestinian sentiment. They use a combination of custom and off-the-shelf tools and maintain a notable presence on platforms such as GitHub and Telegram.

Affected: Indonesia, Israel, India, Malaysia

Key points:

  • INDOHAXSEC is an Indonesian hacktivist group established in October 2024.
  • They engage in various cyberattacks, including DDoS and ransomware, mainly against government and corporate entities.
  • The group is significantly motivated by political and religious ideologies, often targeting entities associated with Israel.
  • INDOHAXSEC has a notable collaboration with the pro-Russian group NoName057(16).
  • The group utilizes GitHub for sharing custom tools and Telegram for communication and propaganda.
  • They have publicly claimed to develop a successor to the WannaCry ransomware.
  • Cyber operations from INDOHAXSEC often reflect ongoing geopolitical tensions in the region.
  • They are known for their doxxing campaigns, particularly against Malaysian officials in response to political incidents.
  • The Arctic Wolf Labs team is monitoring INDOHAXSEC activities to enhance cyber protections for their customers.

MITRE Techniques:

  • TA0001 – Initial Access: The group uses phishing or credential dumping to gain initial access to targets.
  • TA0002 – Execution: Execution of malicious payloads including ransomware and DDoS scripts.
  • TA0003 – Persistence: Custom malicious scripts maintained in GitHub for recurring access.
  • TA0004 – Privilege Escalation: Use of web shells and backdoors for escalating privileges on attacked systems.
  • TA0005 – Defense Evasion: Modification of existing tools to evade detection and maintain anonymity.
  • TA0060 – Collection: Data gathering from breached databases for further exploitation.
  • TA0007 – Exfiltration: Leaking sensitive data from compromised organizations to the public.

Indicators of Compromise:

  • [SHA256 Hash] cd8a7350b07311f2257eba7ed5d992cf7f00e869461f9a2c3c2003a05bfdcce0 (indohaxsec.php)
  • [SHA256 Hash] 9391014b5a567f4821603c97802c38d8f3053469f47533c57bcfdb787fd9cd57 (404.php)
  • [SHA256 Hash] 09092c5061322e3cdc33e3eb4d8379f77ec20ff121acd42b159e87407e421a57 (x.php)
  • [SHA256 Hash] e9a2379991d7ad9f3031c9cd62eab9277b9a2d0179a066b36dd95737182574c8 (masal.php)
  • [SHA256 Hash] 3b1cb2248bf6b2c9cb493f6ef226a943042ccd8a5e98f4869c55a4efe0a0f835 (selbaru.php)
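As an added example (not code from Arctic Wolf or from the report), the following Python script sweeps a web root for files whose SHA256 matches the five hashes listed above. The web-root path, the `.php` suffix filter and the default `/var/www/html` location are assumptions for illustration; the hash values themselves come from the indicator list on this page.

```python
import hashlib
import os
from pathlib import Path

# SHA256 hashes listed as INDOHAXSEC indicators above, keyed to the file
# name the report associated with each PHP file.
INDOHAXSEC_IOC_HASHES = {
    "cd8a7350b07311f2257eba7ed5d992cf7f00e869461f9a2c3c2003a05bfdcce0": "indohaxsec.php",
    "9391014b5a567f4821603c97802c38d8f3053469f47533c57bcfdb787fd9cd57": "404.php",
    "09092c5061322e3cdc33e3eb4d8379f77ec20ff121acd42b159e87407e421a57": "x.php",
    "e9a2379991d7ad9f3031c9cd62eab9277b9a2d0179a066b36dd95737182574c8": "masal.php",
    "3b1cb2248bf6b2c9cb493f6ef226a943042ccd8a5e98f4869c55a4efe0a0f835": "selbaru.php",
}


def sha256_bytes(data: bytes) -> str:
    """Hex SHA256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hex SHA256 of a file, streamed in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_hashes(hashes_by_path, ioc_hashes=INDOHAXSEC_IOC_HASHES):
    """Pure matching step: given {path: sha256_hex}, return [(path, sha256_hex, ioc_name)] per hit.

    Comparison is case-insensitive because hashes are often copied in mixed case."""
    normalized = {h.lower(): name for h, name in ioc_hashes.items()}
    hits = []
    for path, digest in hashes_by_path.items():
        name = normalized.get(digest.lower())
        if name is not None:
            hits.append((path, digest.lower(), name))
    return hits


def scan_for_iocs(root, ioc_hashes=INDOHAXSEC_IOC_HASHES, suffixes=(".php",)):
    """Walk `root` (assumed web-root path), hash every file whose suffix is in `suffixes`
    (pass an empty tuple to hash everything) and return the IoC matches."""
    hashes_by_path = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            path = Path(dirpath) / filename
            if suffixes and path.suffix.lower() not in suffixes:
                continue
            try:
                hashes_by_path[str(path)] = sha256_file(path)
            except OSError:
                # Unreadable or vanished file (permissions, race with a deploy): skip and keep scanning.
                continue
    return match_hashes(hashes_by_path, ioc_hashes)


if __name__ == "__main__":
    import sys

    # Assumed default web root; pass a different directory as the first argument.
    web_root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    for path, digest, name in scan_for_iocs(web_root):
        print(f"MATCH {path} sha256={digest} ioc={name}")
```

Hash indicators only match byte-identical copies of the files Arctic Wolf observed; any edit to a web shell produces a new hash, so a clean sweep is not proof of absence. Treat a hit as a high-confidence trigger for incident response, and pair this check with file-integrity monitoring of the web root and web-server logs showing requests to unexpected PHP files.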


Full Story: https://arcticwolf.com/resources/blog/indohaxsec-emerging-indonesian-hacking-collective/