Cybercriminals camouflaging threats as AI tool installers
Cisco Talos has uncovered new threats disguised as legitimate AI tool installers, including CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered malware called Numero. These threats exploit the increasing popularity of AI across various industries. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, distributed as a fake ChatGPT installer. Numero, masquerading as an AI video creation tool, manipulates the Windows GUI, rendering systems unusable. Threat actors are using SEO poisoning and social media to distribute these fraudulent installers, targeting businesses in the B2B sales, technology, and marketing sectors. Organizations must exercise caution and rely on reputable vendors to avoid falling prey to these malicious campaigns.
AI Analysis
Technical Summary
Cisco Talos has identified a new wave of cyber threats that leverage the growing popularity of AI tools by disguising malware as legitimate AI software installers. The primary malicious payloads include CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered malware named Numero. CyberLock ransomware is implemented using PowerShell scripts and targets specific file types for encryption, demanding a ransom payment of $50,000 in Monero cryptocurrency. Lucky_Gh0$t is a variant of the Yashma ransomware family and is distributed under the guise of a fake ChatGPT installer, exploiting user trust in popular AI applications. Numero malware masquerades as an AI video creation tool but instead manipulates the Windows graphical user interface, effectively rendering infected systems unusable and causing operational chaos. These threats are propagated through SEO poisoning techniques and social media campaigns, which direct victims to download these fraudulent installers. The attackers specifically target organizations in B2B sales, technology, and marketing sectors, where AI adoption is rapidly increasing. The lack of known exploits in the wild suggests these campaigns may be in early stages or targeted, but the use of sophisticated social engineering and distribution methods indicates a significant risk. The threat actors exploit user trust in AI tools and the current hype around AI technologies to increase infection rates. The malware variants differ in their impact: ransomware strains encrypt data for financial gain, while Numero disrupts system usability, potentially causing downtime and productivity loss. This multi-faceted approach increases the overall threat landscape complexity for organizations relying on AI tools or interested in adopting them.
Potential Impact
For European organizations, the impact of these threats can be substantial. The ransomware variants (CyberLock and Lucky_Gh0$t) pose a direct financial risk through ransom demands and potential data loss if backups are insufficient or compromised. Encrypted files could include sensitive business data, intellectual property, or customer information, leading to confidentiality breaches and regulatory compliance issues under GDPR. The disruption caused by Numero malware, which manipulates the Windows GUI and renders systems unusable, can lead to significant operational downtime, affecting productivity and service delivery. Sectors such as technology, marketing, and B2B sales are particularly vulnerable due to their reliance on AI tools and digital workflows. Additionally, the use of Monero for ransom payments complicates tracing and attribution, potentially encouraging further attacks. The social engineering aspect, leveraging SEO poisoning and social media, increases the likelihood of successful infections, especially in organizations with less mature cybersecurity awareness or controls. The reputational damage from falling victim to such scams can also be significant, impacting customer trust and business relationships. Overall, the threat undermines trust in AI tools and may slow AI adoption if organizations become wary of installing new software without thorough vetting.
Mitigation Recommendations
European organizations should implement a multi-layered defense strategy tailored to this threat landscape. First, enforce strict software installation policies that restrict users from installing unauthorized applications, especially those claiming to be AI tools from unverified sources. Use application allowlisting to permit only vetted software. Enhance endpoint protection with behavioral detection capabilities to identify ransomware activity and GUI manipulation attempts. Conduct targeted user awareness training focusing on the risks of downloading software from untrusted websites, recognizing SEO poisoning tactics, and verifying software authenticity through official vendor channels. Implement robust backup and recovery procedures, ensuring backups are isolated and regularly tested to mitigate ransomware impact. Monitor social media and SEO channels for emerging fake AI tool campaigns to proactively warn employees and customers. Employ network segmentation to limit lateral movement if an infection occurs. Additionally, leverage threat intelligence feeds to stay updated on indicators of compromise related to these malware families. Finally, collaborate with cybersecurity communities and law enforcement to share information and receive support in incident response.
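The last recommendation, matching the indicators a feed supplies against your own telemetry, as an added example that is not from the page or from Cisco Talos. It uses the domains, IP and two of the SHA256 hashes listed in this page's Indicators of Compromise section and goes slightly beyond a plain lookup: subdomains of a listed zone are flagged, look-alike names are not. The key=value log layout, the field names, the file paths and all sample log lines are assumptions constructed for the example.

```python
"""IoC matching for the fake-AI-installer campaign described on this page.

Domains, IP and SHA256 values are copied from the page's Indicators of
Compromise section; log lines, file paths and field names are constructed.
"""
import re
from collections import namedtuple

# Network indicators from the page.
IOC_DOMAINS = frozenset({
    "lgaircon.xyz",
    "cdn.lgaircon.xyz",
    "cdn.phototagx.com",
    "www.roomako.com",
})
IOC_IPS = frozenset({"192.210.239.172"})
# Two of the page's SHA256 file hashes (a subset, copied verbatim).
IOC_SHA256 = frozenset({
    "14ed3878b6623c287283a8a80020f68e1cb6bfc37b236f33a95f3a64c4f4611f",
    "e34b8c9798b92f6a0e2ca9853adce299b1bf425dedb29f1266254ac3a15c87cd",
})

Hit = namedtuple("Hit", "line_no field value indicator")

def _strip_port(value):
    """Drop a trailing :port (proxy CONNECT logs); leave IPv6 literals alone."""
    return value.rsplit(":", 1)[0] if value.count(":") == 1 else value

def match_domain(name):
    """Return the listed indicator that `name` equals or sits under, else None.

    Matching is per DNS label: 'evil-lgaircon.xyz' is not a hit, while
    'dl.cdn.lgaircon.xyz' is. Only listed names act as zones, so 'roomako.com'
    is not flagged (the page lists 'www.roomako.com', not the apex). When
    several indicators match, the most specific (longest) one is reported.
    """
    name = _strip_port(name.lower()).rstrip(".")
    found = [i for i in IOC_DOMAINS if name == i or name.endswith("." + i)]
    return max(found, key=len) if found else None

def match_ip(value):
    """Return the listed IP if `value` (optionally host:port) is one, else None."""
    host = _strip_port(value)
    return host if host in IOC_IPS else None

KV_RE = re.compile(r"(\w+)=(\S+)")
# Fields that carry a destination name or address in the constructed log format.
NETWORK_FIELDS = ("query", "dst", "host", "sni")

def scan_log(lines):
    """Scan key=value log lines and return a Hit for every indicator seen."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for field, value in KV_RE.findall(line):
            if field not in NETWORK_FIELDS:
                continue
            indicator = match_domain(value) or match_ip(value)
            if indicator:
                hits.append(Hit(line_no, field, value, indicator))
    return hits

def scan_hashes(inventory):
    """inventory maps path -> hex digest; return {path: sha256} for listed files."""
    return {path: digest.lower() for path, digest in inventory.items()
            if len(digest) == 64 and digest.lower() in IOC_SHA256}

# Constructed sample input (not real telemetry).
SAMPLE_DNS_LOG = [
    "2025-05-29T15:28:43Z client=10.0.0.12 query=update.example.com type=A",
    "2025-05-29T15:29:10Z client=10.0.0.12 query=dl.cdn.lgaircon.xyz type=A",
    "2025-05-29T15:29:12Z client=10.0.0.12 query=evil-lgaircon.xyz type=A",
    "2025-05-29T15:30:01Z client=10.0.0.31 query=www.roomako.com type=A",
]
SAMPLE_PROXY_LOG = [
    "2025-05-29T15:30:05Z src=10.0.0.31 dst=192.210.239.172:443 method=CONNECT",
    "2025-05-29T15:31:00Z src=10.0.0.31 dst=cdn.phototagx.com:443 method=CONNECT",
]
SAMPLE_INVENTORY = {  # hypothetical file names; the second digest is a placeholder
    r"C:\Users\a\Downloads\AI-Video-Creator-Setup.exe":
        "14ED3878B6623C287283A8A80020F68E1CB6BFC37B236F33A95F3A64C4F4611F",
    r"C:\Program Files\7-Zip\7z.exe": "00" * 32,
}

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_DNS_LOG) + scan_log(SAMPLE_PROXY_LOG):
        print(f"line {hit.line_no}: {hit.field}={hit.value} -> {hit.indicator}")
    for path, digest in scan_hashes(SAMPLE_INVENTORY).items():
        print(f"{path}: SHA256 {digest} is a listed indicator")
```

A hit on a DNS query only shows that a host resolved the name; pair it with the proxy or firewall record for the same client before treating it as a confirmed download of one of the fake installers.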
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Indicators of Compromise
- ip: 192.210.239.172 (CC=US, ASN=AS36352 colocrossing)
- domain: lgaircon.xyz
- domain: cdn.lgaircon.xyz
- domain: cdn.phototagx.com
- domain: www.roomako.com
Technical Details
- Author: AlienVault
- TLP: white
- References: https://blog.talosintelligence.com/fake-ai-tool-installers/
- Adversary: null
- Pulse Id: 683877ce5988443994d884f3
- Threat Score: null
Threat ID: 68387d2b182aa0cae28315f6
Added to database: 5/29/2025, 3:28:43 PM
Last enriched: 7/7/2025, 6:55:51 PM
Last updated: 8/11/2025, 11:43:12 PM