Back Despite Disruption: RedDelta Resumes Operations
Common Information
Type Value
UUID d75602b0-28e0-4e30-9a37-1656789819c4
Fingerprint 3b2db2c3c28033ef35b01082fae34591831bed2416a546fb390ce96720c0f2f3
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 13, 2020, 10:20 a.m.
Added to db March 10, 2024, 12:58 a.m.
Last updated Aug. 31, 2024, 3:13 a.m.
Headline Back Despite Disruption: RedDelta Resumes Operations
Title Back Despite Disruption: RedDelta Resumes Operations
Detected Hints/Tags/Attributes 95/2/62
Attributes
Details Type #Events CTI Value