Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
Common Information
Type Value
UUID e063d676-d6f8-4f6b-aa60-28d3a6738494
Fingerprint c416130f281141a9dafa8d2feda2fbd7ec5a89e18c0ce11654a21921f30362fa
Analysis status DONE
Considered CTI value 2
Text language
Published June 15, 2021, 6:46 p.m.
Added to db March 10, 2024, 1:04 a.m.
Last updated Aug. 30, 2024, 10:33 p.m.
Headline Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
Title Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
Detected Hints/Tags/Attributes 76/3/195
Attributes
Type #Events Value
Domain 546 www.recordedfuture.com
Domain 2 qcc.com
Domain 3 inbsnl.ddns.info
Domain 2 adtl.mywire.org
Domain 2 indianmail.zyns.com
Domain 2 kelimelerdunyasi.org
Domain 2 stratejibilimi.com
Domain 2 adobesupport.net
Domain 2 superkelimeler.com
Domain 5 skylineqaz.crabdance.com
Domain 2 coreldraw.kozow.com
Domain 2 hostmail1.com
Domain 2 capture.kozow.com
Domain 2 redhatboy.dynamic-dns.net
Domain 2 scorpio.dns04.com
Domain 2 koreckaccord01.zzux.com
Domain 4 exat.dnset.com
Domain 2 macfeesyn.ns01.info
Domain 2 gulistan.wikaba.com
Domain 2 macfeeupdate.ddns.info
Domain 2 lexuz.dns05.com
Domain 3 lexuz.x24hr.com
Domain 2 pisces.zzux.com
Domain 2 inbsnl.ddns.ms
Domain 3 indian.mefound.com
Domain 2 appinfo.camdvr.org
Domain 3 aries.epac.to
Domain 4 billing.epac.to
Domain 3 chock.mywire.org
Domain 2 czconnections.ddns.info
Domain 2 drdo.dumb1.com
Domain 2 drdo.mypop3.net
Domain 2 dsgf.chickenkiller.com
Domain 3 elienceso.kozow.com
Domain 2 exat.zyns.com
Domain 2 execserver.giize.com
Domain 2 exujjat.xxuz.com
Domain 2 fashget.theworkpc.com
Domain 2 fivenum.mooo.com
Domain 2 foreverlove.zzux.com
Domain 2 forum.camdvr.org
Domain 2 fukebutt.zzux.com
Domain 2 googleupdate.myz.info
Domain 2 hcl.sexidude.com
Domain 3 honoroftajik.dynamic-dns.net
Domain 2 https.dnset.com
Domain 3 https.ikwb.com
Domain 2 https.otzo.com
Domain 2 https.vizvaz.com
Domain 2 indiaeducation.mefound.com
Domain 2 itsupport.firewall-gateway.net
Domain 2 jpgdowngaussip.ddns.info
Domain 3 kastygost.compress.to
Domain 3 laugh.toh.info
Domain 2 linkedin.organiccrap.com
Domain 3 locker.camdvr.org
Domain 2 login.kozow.com
Domain 2 logonfaker.longmusic.com
Domain 2 macfee.webredirect.org
Domain 2 mall.mywire.org
Domain 2 manual.gleeze.com
Domain 2 manuals.wikaba.com
Domain 2 menus.giize.com
Domain 2 menus.kozow.com
Domain 2 mfedownload.freetcp.com
Domain 2 mfeupdate.ddns.info
Domain 2 mfeupload.freetcp.com
Domain 5 miche.justdied.com
Domain 2 msgsober.xxuz.com
Domain 2 msn.dnsnet.com
Domain 4 nicodonald.accesscam.org
Domain 3 niteast.strangled.net
Domain 2 notice.theworkpc.com
Domain 2 nproccshow.zyns.com
Domain 2 otc.toythieves.com
Domain 2 prace.gleeze.com
Domain 3 pracute.camdvr.org
Domain 3 queryinfo.mrbonus.com
Domain 2 quickheal.firewall-gateway.net
Domain 4 randomanalyze.freetcp.com
Domain 2 rastelcs.kozow.com
Domain 2 rci.ddns.info
Domain 2 scorpio.zzux.com
Domain 2 secindia.mywire.org
Domain 2 secssl.ooguy.com
Domain 2 secssl.theworkpc.com
Domain 4 secupdate.kozow.com
Domain 2 skylineline.crabdance.com
Domain 2 smcupdate.mooo.com
Domain 2 srcrail.kozow.com
Domain 2 sunway2.chickenkiller.com
Domain 3 supports.casacam.net
Domain 2 supports.gleeze.com
Domain 2 sysman.ddnsgeek.com
Domain 2 sysmantec.firewall-gateway.net
Domain 2 sysmantec.organiccrap.com
Domain 4 tajikstantravel.dynamic-dns.net
Domain 4 tele.zyns.com
Domain 2 thinkv.dynamic-dns.net
Domain 2 thinkv.epac.to
Domain 2 trand.mefound.com
Domain 4 trendiis.sixth.biz
Domain 3 updateinfo.kozow.com
Domain 4 uzwatersource.dynamic-dns.net
Domain 2 water.xxuz.com
Domain 2 wawaqq.ddns.info
Domain 2 whitepages.dynamic-dns.net
Domain 2 wsliversourcecor.epac.to
Domain 2 yatedo.organiccrap.com
Domain 4127 github.com
File 2 b218bb9ef2c2e2b282f8c88e098001b7.html
File 3 aries.ep
File 4 billing.ep
File 2 thinkv.ep
File 2 wsliversourcecor.ep
File 30 rdpclip.exe
File 86 service.exe
File 6 osloader.exe
File 2 template_final.doc
File 1018 rundll32.exe
File 31 sys.exe
File 8 rastls.exe
File 20 rastls.dll
File 1 qt_slide_dmc_090719.doc
Github username 6 insikt-group
md5 2 b218bb9ef2c2e2b282f8c88e098001b7
sha1 2 acb11d9d0652c95b16db17fda918ff5b6ee66815
sha1 2 c1e3a5e171d0de6054f4a1aeb9a46ff176ef5ba6
sha1 2 8e3991d623a7ffd86516224a0b6932785ef63f9e
sha256 2 2723ac49d3f59b51d96f3ab3605becdef1987242ef3d9d5b8490b0c9abe45049
sha256 3 425d2a6416a59943428e8727d2ad6247eb8342c35c4bd1d5b80df25d6fbcae94
sha256 3 4c6a45d08cb649b5486d9719634f903b3561e7820eda31bd50d811a01bd3481b
sha256 3 b668f9e213282cd1b941ab8d6dd5f3dd3266011ae16c0795ca86d12a57c095cc
sha256 2 69a9e5545103b582173ed268fc5ca0014c4d2e17337a953752b0157a76cc0bcb
sha256 2 7f3c26b8d3087f1cc345da965bb7af1a58488c6e260f12e72d8274d949a857bd
sha256 2 556d34db7e60b0d25eca0d8e6b9297cd9f2174c0d2ca013c0036a067457a2d01
sha256 2 e8f347745b1808db185c682af87896a941b4042f5de919e2010749152bda48ad
sha256 2 a7a3cd98252047717f8f429d2060aa84c6ee4ed8ae60ee15ad0b2b5807158c70
sha256 2 e1ca30bbdea8523aec6570f1b2f59012d0899875325a9ac88f09e09c14734ecc
sha256 2 f0c0a9b2911ee1f1774e69e0be313eda2054d744fa547f1c64ba0f078db3fcd9
sha256 3 9f9fde45784f93c18ea998d90aa6791905c81061d974416dd722071fbd54688e
sha256 2 8afcc6a25320a28833334a413a0f395a73bacf033fe0e84fea7ed4fec7945ca4
sha256 2 eeef1439b17280dfd7ce821752551aee57f3d1b7f385fe9cf331f69abd35cd96
sha256 2 4a7910fe2c0e611be52d15798563c007aa632d47eae1f020be95fde27d963da9
sha256 3 f45c6f8695fbc6e537cea15142f062a0d21c4a556c5fc1f7a2f3ee661b036ffc
sha256 3 851010b875a2ae5c68e85c7d549082539e427b0e9f0c5efef92e1396c6d8a0ae
sha256 3 c21a3a44b46e7242c0762c8ec5e8a394ddc74b747244c5b83678620ae141e59c
sha256 5 6cd5079a69d9a68029e37f2680f44b7ba71c2b1eecf4894c2a8b293d5f768f10
sha256 4 45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f
sha256 2 0c596299c47ce6305e07f55397fd69d49c8cab4f4b34a617bb6670dcaac9d9f2
sha256 4 11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654
sha256 2 d096eecd60710ccf7f1658a52d54caef9cb26b3857b3a3dbefa688c769e07339
sha256 3 087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec
sha256 2 73bbb96e078a2ca3d55e0acffe0f9c80edf6ff0459a25c34edb4c14bb88783c1
sha256 2 e149e7c145d440193a0e3bf4b54c44de00bbc3872ef18d6da3c12f1e7add3053
sha256 2 acb11d9d0652c95b16db17fda918ff5b6ee668156a30fe6276b0fa66f74c9720
sha256 2 c1e3a5e171d0de6054f4a1aeb9a46ff176ef5ba6464304b2f2660a23396e91f4
sha256 2 379af30d508cdbae7eb201041d8eb815b239e181dd8106145d4263753df3acd9
sha256 2 367718fd58c658dce22c995f3e10bc3a5425814ddf221686e166e3129a53e897
sha256 2 51e3f3a762ab6fb0c3db4819560c6b1607cdcd257ce375e68fdf1a17ff5c2cb5
sha256 5 597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486
sha256 4 4e1a2f731688f9aab80b1f55d9101bb1cddec08214d4379621c434899a01efbf
sha256 4 a95bbc1f067783c1107566ed7897549f6504d5367b8282efe6f06dc31414c314
sha256 5 9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0
sha256 4 f5365387320ae6e6907fd2700f340ba8712cb08f7e52b2ec4dccfe99b3d648ef
sha256 2 ecdf806bb7ac876bac8250a1f0ff40395faf7a6738df6e0f62553c4164fdf16d
sha256 4 5238f8d8c3d16b52d39aa722daff663a5e6307c4b46e360969d84bf409a2690f
IPv4 2 45.251.241.13
IPv4 2 206.189.153.132
IPv4 2 45.76.197.157
IPv4 2 142.93.212.86
IPv4 2 45.77.178.76
IPv4 2 45.32.22.220
IPv4 2 66.42.33.214
IPv4 2 45.76.216.62
IPv4 2 142.93.217.73
IPv4 4 143.110.241.54
IPv4 2 141.164.43.124
IPv4 2 149.28.131.147
IPv4 2 143.110.187.104
IPv4 2 165.232.180.8
IPv4 2 143.110.249.226
IPv4 2 178.128.124.161
IPv4 2 159.89.172.102
IPv4 2 188.166.235.99
IPv4 2 172.104.64.123
IPv4 2 198.13.51.228
IPv4 2 188.166.178.133
IPv4 2 206.189.143.219
IPv4 2 198.13.42.157
IPv4 2 45.32.146.174
IPv4 4 202.182.111.249
Mandiant Temporary Group Assumption 8 TEMP.TRIDENT
Url 2 https://m.qcc.com/wenshudetail/b218bb9ef2c2e2b282f8c88e098001b7.html
Url 1 https://github.com/insikt-group/research
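The attribute table above is an automated extraction and needs cleaning before it is loaded into a blocklist or a SIEM: it mixes the reporting vendor's own hosts (www.recordedfuture.com, github.com, qcc.com) with attacker infrastructure, the three "sha1" rows beginning acb11d9d... and c1e3a5e1... are just the first 40 characters of sha256 rows further down, and the "File" rows aries.ep, billing.ep, thinkv.ep and wsliversourcecor.ep are hostnames from the Domain section cut at a dot. The example below is added here by the editor and is not code from Recorded Future, Insikt Group or this database. It normalises a subset of the rows copied from the table, drops those artefacts with a stated reason, and matches the surviving hostnames against DNS query logs. The BENIGN_CONTEXT set, the two-label zone heuristic for the free dynamic-DNS providers the group relies on, and the log lines are assumptions constructed for the demo.

```python
"""Normalise the indicator table above and match it against DNS query logs.

Editor-added example, not code from Recorded Future, Insikt Group or this
database. RAW_IOCS is a subset copied from the table; BENIGN_CONTEXT, the
two-label zone heuristic and SAMPLE_DNS are assumptions constructed for the demo.
"""
import ipaddress
import re

RAW_IOCS = [
    ("Domain", "www.recordedfuture.com"),  # the reporting vendor, not C2
    ("Domain", "github.com"),
    ("Domain", "aries.epac.to"),
    ("Domain", "billing.epac.to"),
    ("Domain", "secupdate.kozow.com"),
    ("Domain", "drdo.dumb1.com"),
    ("File", "aries.ep"),  # 'aries.epac.to' cut at a dot by the extractor
    ("File", "rastls.dll"),
    ("sha1", "acb11d9d0652c95b16db17fda918ff5b6ee66815"),
    ("sha256", "acb11d9d0652c95b16db17fda918ff5b6ee668156a30fe6276b0fa66f74c9720"),
    ("sha256", "5238f8d8c3d16b52d39aa722daff663a5e6307c4b46e360969d84bf409a2690f"),
    ("IPv4", "45.251.241.13"),
    ("IPv4", "202.182.111.249"),
]

# Assumption: hosts present only because they are the report's sources.
BENIGN_CONTEXT = {"www.recordedfuture.com", "github.com", "qcc.com"}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX = re.compile(r"^[0-9a-f]+$")


def normalise(raw):
    """Return clean sets per indicator type plus a list of (value, reason) drops."""
    out = {"domain": set(), "ip": set(), "hash": set(), "file": set(), "dropped": []}
    sha1s, files = set(), []
    for kind, value in raw:
        v = value.strip().lower()
        if kind == "Domain":
            if v in BENIGN_CONTEXT:
                out["dropped"].append((v, "report/context domain"))
            else:
                out["domain"].add(v)
        elif kind == "IPv4":
            try:
                ipaddress.IPv4Address(v)
                out["ip"].add(v)
            except ValueError:
                out["dropped"].append((v, "not an IPv4 address"))
        elif kind in HASH_LEN:
            if len(v) == HASH_LEN[kind] and HEX.match(v):
                (sha1s if kind == "sha1" else out["hash"]).add(v)
            else:
                out["dropped"].append((v, f"malformed {kind}"))
        elif kind == "File":
            files.append(v)
    # A 40-hex 'sha1' that is the leading 40 chars of a listed sha256 is a
    # regex artefact (see the sha1/sha256 rows beginning acb11d9d... above).
    for h in sorted(sha1s):
        if any(s.startswith(h) for s in out["hash"]):
            out["dropped"].append((h, "prefix of a sha256 in the same feed"))
        else:
            out["hash"].add(h)
    # 'aries.ep' style rows are hostnames truncated at a dot, not file names.
    for f in files:
        if any(d.startswith(f) for d in out["domain"]):
            out["dropped"].append((f, "truncated hostname, not a file name"))
        else:
            out["file"].add(f)
    return out


def zone(host):
    """Two-label parent zone, e.g. secupdate.kozow.com -> kozow.com.
    Assumption: the dynamic-DNS providers in this list all use two-label zones."""
    return ".".join(host.rsplit(".", 2)[-2:])


def match_dns(lines, iocs):
    """Check constructed 'timestamp client qname' lines against the IOC set.

    Exact hostname hits are strong. A query into the same free dynamic-DNS zone
    as a known RedFoxtrot host is only a weak lead, because those zones are
    shared with many legitimate users.
    """
    hot_zones = {zone(d) for d in iocs["domain"]}
    hits = []
    for line in lines:
        qname = line.split()[-1].rstrip(".").lower()
        if qname in iocs["domain"]:
            hits.append((qname, "exact IOC hostname"))
        elif zone(qname) in hot_zones:
            hits.append((qname, "same dynamic-DNS zone as a RedFoxtrot IOC (weak)"))
    return hits


SAMPLE_DNS = [  # constructed log lines, not from any real environment
    "2021-06-15T10:00:01Z 10.0.0.5 secupdate.kozow.com.",
    "2021-06-15T10:00:02Z 10.0.0.7 login.microsoft.com.",
    "2021-06-15T10:00:03Z 10.0.0.9 newbox.kozow.com.",
    "2021-06-15T10:00:04Z 10.0.0.9 www.recordedfuture.com.",
]

if __name__ == "__main__":
    iocs = normalise(RAW_IOCS)
    for value, reason in iocs["dropped"]:
        print(f"dropped {value}: {reason}")
    for host, verdict in match_dns(SAMPLE_DNS, iocs):
        print(f"{host}: {verdict}")
```

Treat the zone-level verdict as triage input only: the same kozow.com, ddns.info or epac.to zones host plenty of unrelated dynamic-DNS users, so it should raise a hunt lead, not a block. The exact-hostname and hash sets are the ones to push into enforcement, and the "dropped" list is worth reviewing once by hand before the feed is trusted.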