IOC Radar
TLP:WHITE · 5 IOCs

INC Ransomware Uses LOLBins, RMM Tools, and rclone for Network Intrusion and Data Exfiltration

Cyber Press
Published June 19, 2026

Malware Families

Diamond Model

Axes: Social, Technology
Adversary: unknown
Infrastructure: unknown
Capability (1): INC Ransom
Victim: unknown

Attack Flow (8 steps · MITRE ATT&CK mapped)

Step 1/8: Initial Access (TA0001 · T1190)
Exploit Public-Facing Application
Action: Exploit vulnerable applications
Attackers exploit vulnerabilities in public-facing applications such as Citrix NetScaler and Fortinet EMS, including Citrix Bleed.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise


| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| CVE | CVE-2025-5777 | exploit, intel-blog, malware | Medium | 54 | Jun 20, 26 |
| CVE | CVE-2023-48788 | exploit, intel-blog, malware | Medium | 51 | Jun 20, 26 |
| CVE | CVE-2023-3519 | exploit, intel-blog, malware | High | 64 | Jun 2, 26 |
| MD5 | 766df58af7b444d8fcfd934a6e37d164 | apt, espionage, exploit | Medium | 53 | Jun 20, 26 |
| MD5 | 4328615e2e4c50febd4b740c5c734a3b | apt, espionage, exploit | Medium | 53 | Jun 20, 26 |

IOC Relationship Graph

[Graph: 5 total IOCs (3 CVE, 2 MD5) linked to 1 malware node (INC Ransom) and this report]