Xinglocker
| RaaS
XingLocker is a ransomware group that emerged in May 2021 as part of a franchise-style RaaS model built on a customized MountLocker payload, using IcedID for initial access and Windows Active Directory APIs for worm-style lateral movement across networks.
Victims
21
First Discovered
2021-04-29
victim
Last Discovered
2021-10-26
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
1
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
星Team News | No | 2026-04-28T07:23:39 |
xingnewj6m4qytljhfwemngm7r7rogrindbq7wrfeepejgxc3bwci7qd.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 4
- Healthcare 3
- Business Services 2
- Financial Services 2
- Construction 1
Top 5 Countries
-
United States
2
Heatmap
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
AdFind
Bloodhound
PowerView
ShareFinder
|
|
|
|
Cobalt Strike
|
|
|
|
YARA Rules (1)
Victims (21)
