RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
Common Information
| Type | Value |
|---|---|
| UUID | 123bb741-705d-42c6-a61d-a8ffc4c3469c |
| Fingerprint | 9ba1701f8515856a36c44388a3d4e2ef7b30243bcdba7e011baf2da49bc948f7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 22, 2022, 2:19 p.m. |
| Added to db | March 10, 2024, 1:14 a.m. |
| Last updated | Aug. 31, 2024, 3:04 a.m. |
| Headline | RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant |
| Title | RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant |
| Detected Hints/Tags/Attributes | 140/4/140 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2022-1223.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS204957 |
|
| Details | Autonomous System Number | 1 | AS13768 |
|
| Details | Autonomous System Number | 1 | AS53755 |
|
| Details | Autonomous System Number | 6 | AS8100 |
|
| Details | Autonomous System Number | 3 | AS6134 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | vm.sg |
|
| Details | Domain | 1 | manager.com |
|
| Details | Domain | 1 | mashupdatabase.com |
|
| Details | Domain | 1 | microsite-manager.com |
|
| Details | Domain | 2 | test.msd |
|
| Details | Domain | 2 | policy.zip |
|
| Details | Domain | 1 | card.zip |
|
| Details | Domain | 1 | blogdirve.com |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 4 | russia.rar |
|
| Details | File | 1 | classicexplorersettings.exe |
|
| Details | File | 2 | classicexplorer32.dll |
|
| Details | File | 1 | classicexplorerlog.dat |
|
| Details | File | 1 | migration.iso |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 2 | hungary.doc |
|
| Details | File | 14 | lmiguardiansvc.exe |
|
| Details | File | 6 | lmiguardiandll.dll |
|
| Details | File | 1 | lmiguardiandll.dat |
|
| Details | File | 2 | migration.docx |
|
| Details | File | 2 | srbiji.pdf |
|
| Details | File | 4 | lmiguardiandat.dat |
|
| Details | File | 4 | card.doc |
|
| Details | File | 5 | acrodist.exe |
|
| Details | File | 3 | acrodistdll.dll |
|
| Details | File | 1 | acroscan.dat |
|
| Details | File | 1 | russia.doc |
|
| Details | File | 2 | policy.docx |
|
| Details | File | 2 | policy.zip |
|
| Details | File | 1 | card.zip |
|
| Details | File | 1 | 202022.iso |
|
| Details | File | 1 | hungary.rar |
|
| Details | File | 1 | red-white-red-card.docx |
|
| Details | File | 2 | russia.docx |
|
| Details | File | 3 | hungary.docx |
|
| Details | md5 | 1 | c50f7305bd1d085e642588e16fb130bc |
|
| Details | md5 | 1 | e5f2ad25b59bdc47bd7ffe92646102ae |
|
| Details | md5 | 1 | 131209d5e752300d4af86375abd81d24 |
|
| Details | md5 | 1 | 4467b50238e2ffecf62239efaec6e361 |
|
| Details | md5 | 1 | 01b68a0c13032bb59f262ed94d2daf85 |
|
| Details | md5 | 1 | e50fad7a1502a3097029b66b7eb4f903 |
|
| Details | md5 | 1 | 7afbd413c8df77b0c1e0de046c6a726b |
|
| Details | md5 | 1 | 5afce28efc06f7986c1d8c107cfa89b1 |
|
| Details | sha256 | 1 | 1aeb51a19fb0162d8c0cf5bc27f666a2885d4497b1738f6ad9c7125a8bc3c2d9 |
|
| Details | sha256 | 1 | c50f7305bd1d085e642588e16fb130bced4a69eae0b0fc48c1c93e4935dc70d4 |
|
| Details | sha256 | 1 | b35a9716e180b6a4cc92ccdc5d5825c62a41b4f13c0e38b757b2f47b202fc012 |
|
| Details | sha256 | 1 | d6e0903b9d9464c90c2007d84e8cf2387359c693a04c349cf0b551e65f860181 |
|
| Details | sha256 | 1 | 84cc77c788e3f5848893fb8b3cf3085d951d942ed79cae357984e42a27024e6e |
|
| Details | sha256 | 1 | 720263e2330c07c1def2e63ca722272c1cc3b30ebea6bd7b9c6d9e4826803cc7 |
|
| Details | sha256 | 2 | e5e396be385d38f69566aa141de3030ffe4eaad8afb244a2c22df4b6db425478 |
|
| Details | sha256 | 2 | ef2b6b411b79f751d73e824302ca00ff9f0d759a6eea02d2cfb11390d0e9379b |
|
| Details | sha256 | 1 | 5b027ada26a610e97ab4ef9efb1118b377061712acec6db994d6aa1c78a332a8 |
|
| Details | sha256 | 1 | 0055e6385633ca35ab3ac70f56d18d90b8d5a5894a5d8e738e567c3f7fb337be |
|
| Details | sha256 | 1 | 397cc7543c3b485d9d6ad4d9bc1b25ad098b6484b6a1c4edbd71558103ab0eb3 |
|
| Details | sha256 | 1 | 1765476a354244c6acba50b8f948d2afe23963ecc3a4cbf1f890a7385562d919 |
|
| Details | sha256 | 1 | f70d3601fb456a18ed7e7ed599d10783447016da78234f5dca61b8bd3a084a15 |
|
| Details | sha256 | 1 | 8e27900949a087349488d82e7434937bd253d31749041bb0233000a7339fc3e1 |
|
| Details | sha256 | 1 | 3e33897fcbf2f830b665489017a843146955ef67061bd58f004c418b6b97e9ea |
|
| Details | sha256 | 1 | 9c1ea202237726984b754d17528cfab0212ff9587bbffaf01c8535277b01c24a |
|
| Details | sha256 | 1 | 7558ff23586298a27fd504558884c880bcd17cd9ccf5379587c61be03653fd7a |
|
| Details | sha256 | 1 | 7afbd413c8df77b0c1e0de046c6a726b5afce28efc06f7986c1d8c107cfa89b1 |
|
| Details | sha256 | 1 | 131209d5e752300d4af86375abd81d244467b50238e2ffecf62239efaec6e361 |
|
| Details | sha256 | 1 | 458e19df6dc3402b2b12f473c9aec138d64a289c1539a92dd70cfae281c58838 |
|
| Details | sha256 | 1 | 79f5c7ee5f1cd22759816c0b90dc9ac8427c9e5450be8b0395cb49dd0ff4e284 |
|
| Details | sha256 | 1 | becdb31a669676dac3e797fb6db482f9fd644853e73fc28eb0031bd58487d081 |
|
| Details | sha256 | 1 | adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a |
|
| Details | sha256 | 1 | bfa84b7b4802a480fab498a16a1d177c46495df8f4f950f5d73e9cb220988e2a |
|
| Details | IPv4 | 1 | 64.34.205.178 |
|
| Details | IPv4 | 1 | 5.34.182.68 |
|
| Details | IPv4 | 1 | 38.55.105.46 |
|
| Details | IPv4 | 1 | 43.154.25.220 |
|
| Details | IPv4 | 1 | 45.90.59.153 |
|
| Details | IPv4 | 1 | 45.147.26.45 |
|
| Details | IPv4 | 1 | 82.118.21.86 |
|
| Details | IPv4 | 2 | 88.218.193.76 |
|
| Details | IPv4 | 1 | 88.218.193.247 |
|
| Details | IPv4 | 2 | 103.192.226.46 |
|
| Details | IPv4 | 1 | 103.192.226.87 |
|
| Details | IPv4 | 1 | 114.115.138.44 |
|
| Details | IPv4 | 1 | 185.80.201.4 |
|
| Details | IPv4 | 1 | 62.233.57.49 |
|
| Details | IPv4 | 1 | 185.14.29.26 |
|
| Details | IPv4 | 1 | 195.123.208.140 |
|
| Details | IPv4 | 1 | 45.32.101.7 |
|
| Details | IPv4 | 1 | 5.34.178.156 |
|
| Details | IPv4 | 1 | 5.34.176.17 |
|
| Details | IPv4 | 2 | 107.181.160.16 |
|
| Details | IPv4 | 1 | 103.79.120.71 |
|
| Details | IPv4 | 1 | 103.79.120.68 |
|
| Details | IPv4 | 1 | 103.79.120.70 |
|
| Details | IPv4 | 1 | 184.164.89.173 |
|
| Details | IPv4 | 1 | 82.118.21.248 |
|
| Details | IPv4 | 1 | 103.79.120.72 |
|
| Details | IPv4 | 1 | 64.34.216.44 |
|
| Details | IPv4 | 1 | 64.34.216.50 |
|
| Details | IPv4 | 2 | 64.34.205.41 |
|
| Details | IPv4 | 1 | 64.34.205.45 |
|
| Details | IPv4 | 1 | 107.178.71.200 |
|
| Details | IPv4 | 1 | 107.167.64.6 |
|
| Details | IPv4 | 2 | 69.90.190.110 |
|
| Details | IPv4 | 1 | 185.239.226.7 |
|
| Details | IPv4 | 5 | 45.134.83.29 |
|
| Details | IPv4 | 1 | 104.255.174.59 |
|
| Details | IPv4 | 1 | 104.255.174.60 |
|
| Details | IPv4 | 2 | 104.255.174.58 |
|
| Details | IPv4 | 1 | 43.254.218.128 |
|
| Details | IPv4 | 1 | 104.255.174.54 |
|
| Details | IPv4 | 1 | 104.255.174.55 |
|
| Details | IPv4 | 1 | 104.255.174.53 |
|
| Details | IPv4 | 1 | 155.94.200.214 |
|
| Details | IPv4 | 1 | 155.94.200.215 |
|
| Details | IPv4 | 1 | 155.94.200.216 |
|
| Details | IPv4 | 2 | 69.90.184.125 |
|
| Details | IPv4 | 2 | 155.94.200.211 |
|
| Details | IPv4 | 2 | 155.94.200.206 |
|
| Details | IPv4 | 2 | 155.94.200.209 |
|
| Details | IPv4 | 1 | 103.192.226.38 |
|
| Details | IPv4 | 1 | 103.107.104.6 |
|
| Details | IPv4 | 2 | 107.167.64.4 |
|
| Details | MITRE ATT&CK Techniques | 62 | T1583.003 |
|
| Details | MITRE ATT&CK Techniques | 82 | T1583.001 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 94 | T1564.001 |
|
| Details | MITRE ATT&CK Techniques | 66 | T1564.003 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1036.005 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1036.007 |
|
| Details | MITRE ATT&CK Techniques | 130 | T1573.001 |
|
| Details | MITRE ATT&CK Techniques | 99 | T1132.001 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |