The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new $50 USD enrollment fee.
XDedic’s original domain (xdedic[.]biz) disappeared shortly after a June 16 Kaspersky Lab report describing how xDedic provided a platform for the sale of compromised RDP servers. At the time of the report, there were 70,000 hacked servers for sale for as little as $6, and the website was doing brisk business.
Researchers at Digital Shadows reported today that a June 24 post to the Russian-language forum, exploit[.]in, included a link to the .onion site now hosting xDedic.
“The new xDedic site was found to be identical in design to the previous site and although discussion in the exploit[.]in thread indicated that accounts on the previous site had not been transferred to the new site, accounts could be freely registered,” Digital Shadows wrote in an incident report shared with Threatpost. “However, following registration, accounts had to be credited with $50 USD in order to activate them.”