RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats
Tags
Common Information
Type | Value |
---|---|
UUID | 886cb4e0-24e9-4c98-8b2e-c1d4476c3a3b |
Fingerprint | 659fbbd26f2f87bc |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 9, 2025, 3:06 p.m. |
Added to db | Jan. 9, 2025, 4:15 p.m. |
Last updated | Jan. 19, 2025, 3:26 a.m. |
Headline | RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats |
Title | RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats |
Detected Hints/Tags/Attributes | 131/4/319 |
Source URLs
URL Provider: RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | Value | CTI |
---|---|---|---|---|
Details | Domain | 6 | abecopiers.com | |
Details | Domain | 6 | alicevivianny.com | |
Details | Domain | 6 | aljazddra.com | |
Details | Domain | 6 | alphadawgrecords.com | |
Details | Domain | 6 | alvinclayman.com | |
Details | Domain | 6 | antioxidantsnews.com | |
Details | Domain | 6 | armzrace.com | |
Details | Domain | 6 | artbykathrynmorin.com | |
Details | Domain | 6 | atasensors.com | |
Details | Domain | 6 | bkller.com | |
Details | Domain | 6 | bonuscuk.com | |
Details | Domain | 6 | bramjtop.com | |
Details | Domain | 7 | buyinginfo.org | |
Details | Domain | 6 | calgarycarfinancing.com | |
Details | Domain | 6 | comparetextbook.com | |
Details | Domain | 6 | conflictaslesson.com | |
Details | Domain | 7 | councilofwizards.com | |
Details | Domain | 6 | crappienews.com | |
Details | Domain | 6 | createcopilot.com | |
Details | Domain | 6 | cuanhuaanbinh.com | |
Details | Domain | 6 | dmfarmnews.com | |
Details | Domain | 7 | electrictulsa.com | |
Details | Domain | 6 | elevateecom.com | |
Details | Domain | 6 | epsross.com | |
Details | Domain | 6 | erpdown.com | |
Details | Domain | 7 | estmongolia.com | |
Details | Domain | 6 | financialextremed.com | |
Details | Domain | 6 | finasterideanswers.com | |
Details | Domain | 6 | flaworkcomp.com | |
Details | Domain | 6 | flfprlkgpppg.shop | |
Details | Domain | 7 | getfiledown.com | |
Details | Domain | 6 | getupdates.net | |
Details | Domain | 6 | glassdoog.org | |
Details | Domain | 6 | globaleyenews.com | |
Details | Domain | 6 | goclamdep.net | |
Details | Domain | 6 | goodrapp.com | |
Details | Domain | 6 | gulfesolutions.com | |
Details | Domain | 6 | hajjnewsbd.com | |
Details | Domain | 6 | hisnhershealthynhappy.com | |
Details | Domain | 6 | homeimageidea.com | |
Details | Domain | 6 | howtotopics.com | |
Details | Domain | 6 | importsmall.com | |
Details | Domain | 6 | indiinfo.com | |
Details | Domain | 6 | infotechtelecom.com | |
Details | Domain | 6 | inhller.com | |
Details | Domain | 6 | instalaymantiene.com | |
Details | Domain | 6 | iplanforamerica.com | |
Details | Domain | 6 | irprofiles.com | |
Details | Domain | 6 | itduniversity.com | |
Details | Domain | 8 | ivibers.com | |
Details | Domain | 6 | jorzineonline.com | |
Details | Domain | 6 | kelownahomerenovations.com | |
Details | Domain | 7 | kentscaffolders.com | |
Details | Domain | 6 | kerrvillehomeschoolers.com | |
Details | Domain | 6 | kxmmcdmnb.online | |
Details | Domain | 6 | lebohdc.com | |
Details | Domain | 6 | linkonmarketing.com | |
Details | Domain | 7 | loginge.com | |
Details | Domain | 6 | lokjopppkuimlpo.shop | |
Details | Domain | 6 | londonisthereason.com | |
Details | Domain | 6 | looksnews.com | |
Details | Domain | 6 | maineasce.com | |
Details | Domain | 7 | meetviberapi.com | |
Details | Domain | 6 | mexicoglobaluniversity.com | |
Details | Domain | 6 | mobilefiledownload.com | |
Details | Domain | 6 | mojhaloton.com | |
Details | Domain | 6 | mongolianshipregistrar.com | |
Details | Domain | 6 | mrytlebeachinfo.com | |
Details | Domain | 6 | myynzl.com | |
Details | Domain | 6 | newslandtoday.net | |
Details | Domain | 6 | normalverkehr.com | |
Details | Domain | 6 | nymsportsmen.com | |
Details | Domain | 6 | oncalltechnical.com | |
Details | Domain | 6 | onmnews.com | |
Details | Domain | 6 | pgfabrics.com | |
Details | Domain | 6 | pinaylizzie.com | |
Details | Domain | 7 | profilepimpz.com | |
Details | Domain | 6 | quickoffice360.com | |
Details | Domain | 6 | redactnews.com | |
Details | Domain | 6 | reformporta.com | |
Details | Domain | 6 | richwoodgrill.com | |
Details | Domain | 6 | riversidebreakingnews.com | |
Details | Domain | 6 | rpcgenetics.com | |
Details | Domain | 6 | sangkayrealnews.com | |
Details | Domain | 6 | shreyaninfotech.com | |
Details | Domain | 7 | smldatacenter.com | |
Details | Domain | 6 | spencerinfo.net | |
Details | Domain | 6 | starlightstar.com | |
Details | Domain | 6 | tasensors.com | |
Details | Domain | 6 | techoilproducts.com | |
Details | Domain | 7 | thelocaltribe.com | |
Details | Domain | 6 | tigermm.com | |
Details | Domain | 6 | tigernewsmedia.com | |
Details | Domain | 6 | tophooks.org | |
Details | Domain | 6 | truckingaccidentattorneyblog.com | |
Details | Domain | 6 | truff-evadee.com | |
Details | Domain | 6 | tychonews.com | |
Details | Domain | 6 | unixhonpo.com | |
Details | Domain | 6 | usedownload.com | |
Details | Domain | 6 | vanessalove.com | |
Details | Domain | 6 | versaillesinfo.com | |
Details | Domain | 6 | vopaklatinamerica.com | |
Details | Domain | 6 | windowsfiledownload.com | |
Details | Domain | 6 | xxmodkiufnsw.shop | |
Details | Domain | 6 | 365officemail.com | |
Details | Domain | 6 | 7gzi.com | |
Details | Domain | 6 | lifeyomi.com | |
Details | Domain | 6 | cdn7s65.z13.web.core.windows.net | |
Details | Domain | 6 | edupro4.z13.web.core.windows.net | |
Details | Domain | 7 | vabercoach.com | |
Details | File | 5 | final.docx | |
Details | File | 3 | adobe-setup.msi | |
Details | File | 14 | hid.dll | |
Details | File | 48 | msi.dll | |
Details | File | 10 | formdll.dll | |
Details | File | 5 | notelogger.dat | |
Details | File | 3 | inkformdb.dat | |
Details | File | 3 | ldevice.dat | |
Details | File | 3 | officeime.dat | |
Details | File | 10 | onenotem.exe | |
Details | File | 3 | inkform.exe | |
Details | File | 3 | excelrepairtoolboxlauncher.exe | |
Details | File | 4 | ldevicedetectionhelper.exe | |
Details | File | 5 | imecmnt.exe | |
Details | File | 3 | c:\users\admin\appdata\roaming\virtualfile\inkform.exe | |
Details | File | 3 | c:\users\admin\appdata\roaming\virtualfile\formdll.dll | |
Details | File | 3 | c:\users\public\intelnet\formdll.dll | |
Details | File | 3 | c:\users\public\intelnet\inkform.exe | |
Details | File | 3 | c:\users\public\securityscan\formdll.dll | |
Details | File | 3 | c:\users\public\securityscan\inkform.exe | |
Details | File | 3 | c:\programdata\intelnet\formdll.dll | |
Details | File | 3 | c:\programdata\intelnet\inkform.exe | |
Details | File | 3 | c:\users\admin\samsungdriver\inkform.exe | |
Details | File | 3 | c:\users\admin\samsungdriver\formdll.dll | |
Details | File | 3 | c:\users\admin\appdata\local\apgfrwbjwqd\ldevicedetectionhelper.exe | |
Details | sha256 | 6 | a0a3eeb6973f12fe61e6e90fe5fe8e406a8e00b31b1511a0dfe9a88109d0d129 | |
Details | sha256 | 5 | 2232cd249be265d092ea923452f82aae28f965b48897fe6f05a7cd4495fcd96e | |
Details | sha256 | 5 | aaad74fbf1b3f499aa2be9f5a86f0d6427c2d807c27532090671295a2b5d67e0 | |
Details | sha256 | 5 | 6e37ad572f1e7d228c8c0c7cb1ef2d966d16d681669587cfb80e063106d77a6e | |
Details | sha256 | 5 | 6ac4b0fd81e317615e0935e83874ef997b7bff3aff2f391405a2e22161f4fd45 | |
Details | sha256 | 5 | dd2d8fb565b18065bde545da16f67f31036b4d45dec5b82caa74e30a617e85e8 | |
Details | sha256 | 5 | 945f7ca6ce890f6cd1813b0ed1912ef25ed4a5f11da0fe97c20fe443bd4489a1 | |
Details | sha256 | 5 | 042045687882ec8dc2d61e26e86e56620c4a1e694b46f9ce814b060cb0cf4bb5 | |
Details | sha256 | 5 | 5479927c78faed415853c3ba3798dfff93d4047a17c3c4d87f7dc1ce8289395c | |
Details | sha256 | 5 | d8981d4cbca9b99828a9459e4abfbbe20a221bfc59fc0f2a6d6a751c363b26c4 | |
Details | sha256 | 5 | c6bd2c31ebaa8d51964c49a22bc796aa506e594d6f1b1043b01d0baf58836172 | |
Details | sha256 | 5 | df3e5c62fa7086eec23c04cb52a17d64aa0b4f252551c8a65c599291a7cee61f | |
Details | sha256 | 5 | 2c791775e66a77fe72aa826823f554bfe9a41525c6c1c14798cf56a42925db31 | |
Details | sha256 | 6 | 74f3101e869cedb3fc6608baa21f91290bb3db41c4260efe86f9aeb7279f18a1 | |
Details | sha256 | 5 | 1cbf860e99dcd2594a9de3c616ee86c894d85145bc42e55f4fed3a31ef7c2292 | |
Details | sha256 | 5 | 54549745868b27f5e533a99b3c10f29bc5504d01bd0792568f2ad1569625b1fd | |
Details | sha256 | 5 | 8c9e1f17e82369d857e5bf3c41f0609b1e75fd5a4080634bc8ae7291ebe2186c | |
Details | sha256 | 5 | d0c4eb52ea0041cab5d9e1aea17e0fe8a588879a03415f609b195cfbd69caafc | |
Details | sha256 | 5 | ca0dfda9a329f5729b3ca07c6578b3b6560e7cfaeff8d988d1fe8c9ca6896da5 | |
Details | sha256 | 5 | 6784b646378c650a86ba4fdd4baaaf608e5ecdf171c71bb7720f83965cc8c96f | |
Details | sha256 | 5 | 00619a5312d6957248bac777c44c0e9dd871950c6785830695c51184217a1437 | |
Details | sha256 | 5 | eae187a91f97838dbb327b684d6a954beee49f522a829a1b51c1621218039040 | |
Details | sha256 | 5 | c1f27bed733c5bcf76d2e37e1f905d6c4e7abaeb0ea8975fca2d300c19c5e84f | |
Details | sha256 | 6 | 397afb74746b2fe01abc63789412b38f44ceb234a278a04b85b2bb5b4e64cc8c | |
Details | sha256 | 5 | 49abaa2ba33af3ebde62af1979ed7a4429866f4f708e0d8e9cfffcfa7a279604 | |
Details | sha256 | 5 | 3e6772aca8bb8e71956349f1ea9fecda5d9b9cfa00f8cdbf846c169ab468a370 | |
Details | sha256 | 5 | f0aa5a27ea01362dce9ced3685961d599e1c9203eef171b76c855a3db41f1ec6 | |
Details | sha256 | 5 | e81982e40ee5aaed85817343464d621179a311855ca7bcc514d70f47ed5a2c67 | |
Details | sha256 | 5 | 471e61015ff18349f4bf357447597a54579839336188d98d299b14cff458d132 | |
Details | sha256 | 5 | 7c741c8bcd19990140f3fa4aa95bb195929c9429fc47f95cf4ab9fad03040f7b | |
Details | sha256 | 5 | 1efe366230043521c1f55cc049117a65acd1a29f4470446ad277f57c4f3a2feb | |
Details | sha256 | 5 | 7a2994a6b61ee8ac668e41e622edfa7ae7e06b66d80c2a535f5822bc98058c33 | |
Details | sha256 | 6 | 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 | |
Details | sha256 | 5 | d4b9f7c167bc69471baf9e18afd924cf9583b12eee0f088c98abfc55efd77617 | |
Details | sha256 | 5 | dbe26b8c3a75f2a78e1a47e021e5ed0087dd8433a667ab8238385529239f108e | |
Details | sha256 | 5 | 71e462aaca0f2d8c8a685756b070d017c796de6ac22021a79d922f2f182d4fb0 | |
Details | sha256 | 6 | 2d884fd8cfa585adec7407059064672d06a6f4bdc28cf4893c01262ef15ddb99 | |
Details | sha256 | 6 | 30fbf917d0a510b8dac3bacb0f4948f9d55bbfb0fa960b07f0af20ba4f18fc19 | |
Details | sha256 | 5 | 2cd4fb94268ba063b1a5eea7fe87e794fecf46c0f56c2aaa81e8c9052bb4f5f2 | |
Details | sha256 | 5 | 38b2852a8dfadac620351c7bea674c29cc5aa89d051fb7acfb8d550df00d4403 | |
Details | sha256 | 5 | 34e915d93b541471a9f7e747303f456732cd48c52e91ef268e32119ea8c433c0 | |
Details | sha256 | 5 | 507aa944d77806b3f24a3337729b52168808e8d469e5253cbf889cdaabb5254e | |
Details | sha256 | 5 | 976ffe00ca06a4e3d2482815c2770086e7283025eeecad0a750001dedaa2d16a | |
Details | sha256 | 6 | c7ec098093eb08d2b36d1c37b928d716d8da021f93319a093808a7ceb3b35dc1 | |
Details | sha256 | 5 | c2d259056163788dce3a98562bb3bcba3a57a23854104e58a8d0fe18200d690b | |
Details | sha256 | 5 | 62adbe84f0f19e897df4e0573fc048272e0b537d5b34f811162b8526b9afaf32 | |
Details | sha256 | 5 | 67c23db357588489031700ea8c7dc502a6081d7d1a620c03b82a8f281aa6bde6 | |
Details | sha256 | 5 | b6f375d8e75c438d63c8be429ab3b6608f1adcd233c0cc939082a6d7371c09bb | |
Details | sha256 | 5 | a7735182b7f9f2c10af3f8d2d10634c344d984f6e53e7a3787e4d3d756a7a0a0 | |
Details | sha256 | 5 | 53bafcf064d421341c582d93108e84df2f0e284c2b0a4dc2deb9099aa953bf5a | |
Details | sha256 | 5 | 7a16ba2f0d2c4f7779b67e41f8196ddc6652ca7b61607696ed154df83c8d7b9c | |
Details | sha256 | 5 | 749d8980d80966480c85c112a10e1be3d391c1f4673977e880fa461edc2cbf18 | |
Details | sha256 | 5 | 2220a9297876d7ffb5ad8da4d35ed7b2c8746129f66056e81c4f74a6bb224fd7 | |
Details | sha256 | 5 | 3ced0837225b635f2ed63e4f72f95933d804e089a21eb8022407a74d772bb94f | |
Details | sha256 | 5 | f1f58fda25e2a6dde9cab4faf02f7246d2a8ab2c96b4b055deea4093eee9d0e6 | |
Details | sha256 | 5 | 77f813a461b4f1f1c765d951f0bf04668d96efea72cb8ecfb594ea2e36153cf8 | |
Details | sha256 | 5 | dc155cb86f5240c2c39c851e006e39cb33ed9b52e0633cbcdcc2164a47a93e22 | |
Details | sha256 | 5 | 5400fda058d7a13c27e9c95453634e4fee9a421023e0d4482f3eacc198caa928 | |
Details | sha256 | 5 | 367a98647dea14345e258bc01dfb77b46d1a895e91b5d088cf949de34db13f59 | |
Details | sha256 | 5 | f1812ca5170af2401d501561d2a3036379752d22111b10f9ac570587364c82aa | |
Details | sha256 | 5 | e1c85c49982339770189f7947b5bfeb926bc3e4e1d1c63655cb0f8cfdc82a647 | |
Details | sha256 | 5 | f2b04c3c764c85c0bedb434b55304d26d067662cd47e620e219657a0007c9fe0 | |
Details | sha256 | 5 | c25b3a3d7779cb89772454a756ce48ed3744cf233564d309b6f8d19bd8e26fa4 | |
Details | sha256 | 5 | 1bde2b050117d7f27e55a71b4795476decace1850587a17d6cf6fd3fc030ff1a | |
Details | sha256 | 5 | 73451742de056d3d06f7c42904651439198df449115f7adb08601b8104bec6fb | |
Details | sha256 | 6 | 651c096cf7043a01d939dff9ba58e4d69f15b2244c71b43bedb4ada8c37e8859 | |
Details | sha256 | 6 | f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | |
Details | sha256 | 5 | 288e79407daae7ae9483ef789d035d464cf878a611db453675ba1a2f6beb1a03 | |
Details | sha256 | 5 | ee9c935adae0d830cdc0fccd12b19c32be4f15dffcf454a9d807016ce59ff9a9 | |
Details | sha256 | 6 | c5aa22163eb302ef72c553015ae78f1efe79e0167acad10047b0b25844087205 | |
Details | sha256 | 5 | 1a37289c70c78697b85937ae4e1e8a4cebb7972c731aceaef2813e241217f009 | |
Details | sha256 | 6 | 49c32f39d420b836a2850401c134fece4946f440c535d4813362948c2de3996f | |
Details | sha256 | 5 | 83946986b28fd8d04d59bab994cd2dc48e83b9711a8f453d8364c2ad27ea0254 | |
Details | sha256 | 5 | ade0b5cfedfa73252ec72deee7eb79e26380e2e50b47efcfe12350c9a255bb66 | |
Details | sha256 | 5 | b63f51537957572c43c26fc8e9088361978ee901df4b8e67d48843c4fb7c027b | |
Details | sha256 | 5 | 557f04c6ab6f06e11032b25bd3989209de90de898d145b2d3a56e3c9f354d884 | |
Details | sha256 | 5 | 095855cf6c82ae662cce34294f0969ca8c9df266736105c0297d2913a9237dd1 | |
Details | sha256 | 5 | abd5a09ec75ff36df87ece894cab441ef7f021f5bdd8ba55d00b8ed8aac03ab4 | |
Details | sha256 | 5 | 7b8dbfe66d16ad627d3864bd5d396b98a86c75aa4a3d87067a03221d73a560c1 | |
Details | sha256 | 5 | 52ba1bd4d40202c24cb896a355f094dbe0dc6e211f5ddd5b59f0c39b99203172 | |
Details | sha256 | 5 | b02b2c0a9209f20dab4efbc458160f5a9efdb81b6474ec10bb727295a86d825a | |
Details | sha256 | 5 | 7f382a8b19613d078e4b78b677cb7592cab7c17577638e7ecad0a4952c6f4055 | |
Details | sha256 | 5 | aafff72a8c4ad7be37b25e3686a28a11f1d29a0acc771cac1974e17c176c5ed1 | |
Details | sha256 | 5 | 16dd782942b25aa2eb61bc7de36820444b9f55846c815e249a942b52c61be6b5 | |
Details | sha256 | 5 | d674025113d350438a11439d56db111881de887fea41b2d168c6c2b8d8c22014 | |
Details | sha256 | 5 | ca963057e69914d7e6c40aa7c43b393a1516f6dfdd2abfed12ddaa21fc2cfcce | |
Details | sha256 | 5 | 96085a217f0841bae3fe77ecf60785a5cf4051748e90c818cf6160f7fd00b12e | |
Details | sha256 | 5 | bde73773529ec32161fb8a675b50678771bf317a83f3dd8d0c47f54bdc665722 | |
Details | sha256 | 5 | 94ad60e87518ac2f655be1b0297e0109da3ef0ae733357206e3e87712c5dfba7 | |
Details | sha256 | 6 | 908ff3a80ef065ab4be1942e0d41583903f6aac02d97df6b4a92a07a633397a8 | |
Details | sha256 | 6 | a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f | |
Details | sha256 | 5 | 4ac2a633904b0da3ac471776ecbaded91e1f3a5107630fafde76868cace46051 | |
Details | sha256 | 5 | 75e849cc96c573fdfe0233b4d9a79c17fb4c40f15c0b6c0d847c461a30f1cbe8 | |
Details | sha256 | 5 | d188e877066f0932440d4cd8e8e2e856d7b92d40b475b7c0f0c996b34a2847a4 | |
Details | sha256 | 5 | 37c7bdac64e279dc421de8f8a364db1e9fd1dcca3a6c1d33df890c1da7573e9f | |
Details | sha256 | 5 | 6e07e37618f57ac1930865e175d49ef1bf85aa882ffbd30538f55f64d024085b | |
Details | sha256 | 5 | 58a73d445f6122c921092001b132460bb6c1601dc93ecfaabe5df2bf0fef84de | |
Details | sha256 | 5 | 9afddc7ff0a75975748e5dc7d81eee8cd32be79ca32edfebd151a376563e7d4b | |
Details | sha256 | 5 | 9333cc552193cfe9122515e3d7b210de317c297f1c09da5180b3a7f006d94fe4 | |
Details | sha256 | 5 | 3552708726f50ee949656e66a4a10da304bae088fa1b875bfab9e182b6ec97f7 | |
Details | sha256 | 5 | 5dae5254493df246c15e52fd246855a5d0a248f36925cecee141348112776275 | |
Details | sha256 | 6 | b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 | |
Details | sha256 | 4 | 87d0abc1c305f7ce8e98dc86712f841dd491dfda1c1fba42a70d97a84c5a9c70 | |
Details | sha256 | 5 | d27c5d38c2f3e589105c797b6590116d3ec58ad0d2b998d2ea92af67b07c76b1 | |
Details | sha256 | 5 | 282fc12e4f36b6e2558f5dd33320385f41e72d3a90d0d3777a31ef1ba40722d6 | |
Details | sha256 | 5 | 80a7ff01de553cb099452cb9fac5762caf96c0c3cd9c5ad229739da7f2a2ca72 | |
Details | sha256 | 5 | 0b152012c1deab39c6ed7fe75a27168eaaec43ae025ee74d35c2fee2651b8902 | |
Details | sha256 | 5 | 0c7ee8667f48c50ea68c9ad02880f0ff141a3279bd000502038a3a187c7d1ede | |
Details | IPv4 | 6 | 115.61.168.143 | |
Details | IPv4 | 6 | 115.61.168.170 | |
Details | IPv4 | 6 | 115.61.168.229 | |
Details | IPv4 | 6 | 115.61.169.139 | |
Details | IPv4 | 6 | 115.61.170.105 | |
Details | IPv4 | 6 | 115.61.170.70 | |
Details | IPv4 | 6 | 182.114.108.91 | |
Details | IPv4 | 6 | 182.114.108.93 | |
Details | IPv4 | 6 | 182.114.110.11 | |
Details | IPv4 | 6 | 182.114.110.170 | |
Details | IPv4 | 6 | 103.79.120.92 | |
Details | IPv4 | 7 | 45.83.236.105 | |
Details | IPv4 | 6 | 116.206.178.67 | |
Details | IPv4 | 6 | 45.133.239.183 | |
Details | IPv4 | 6 | 116.206.178.68 | |
Details | IPv4 | 6 | 103.238.225.248 | |
Details | IPv4 | 6 | 45.133.239.21 | |
Details | IPv4 | 6 | 103.238.227.183 | |
Details | IPv4 | 6 | 103.107.104.37 | |
Details | IPv4 | 6 | 107.148.32.206 | |
Details | IPv4 | 6 | 167.179.100.144 | |
Details | IPv4 | 6 | 116.206.178.34 | |
Details | IPv4 | 7 | 149.104.2.160 | |
Details | IPv4 | 6 | 207.246.106.38 | |
Details | IPv4 | 6 | 45.76.132.25 | |
Details | IPv4 | 6 | 155.138.203.78 | |
Details | IPv4 | 6 | 144.76.60.136 | |
Details | IPv4 | 6 | 38.180.75.197 | |
Details | IPv4 | 6 | 107.155.56.15 | |
Details | IPv4 | 6 | 107.155.56.87 | |
Details | IPv4 | 7 | 202.91.36.213 | |
Details | IPv4 | 6 | 107.155.56.4 | |
Details | IPv4 | 7 | 149.104.12.64 | |
Details | IPv4 | 6 | 154.205.136.105 | |
Details | IPv4 | 7 | 223.26.52.208 | |
Details | IPv4 | 6 | 45.128.153.73 | |
Details | IPv4 | 6 | 96.43.101.245 | |
Details | IPv4 | 6 | 45.135.119.132 | |
Details | IPv4 | 6 | 161.97.107.93 | |
Details | IPv4 | 7 | 103.107.105.81 | |
Details | IPv4 | 6 | 103.107.104.4 | |
Details | IPv4 | 6 | 103.107.104.57 | |
Details | IPv4 | 6 | 154.90.47.123 | |
Details | IPv4 | 6 | 147.78.12.202 | |
Details | MITRE ATT&CK Techniques | 69 | T1583.003 | |
Details | MITRE ATT&CK Techniques | 94 | T1583.001 | |
Details | MITRE ATT&CK Techniques | 356 | T1566.001 | |
Details | MITRE ATT&CK Techniques | 214 | T1566.002 | |
Details | MITRE ATT&CK Techniques | 418 | T1204.002 | |
Details | MITRE ATT&CK Techniques | 532 | T1059.001 | |
Details | MITRE ATT&CK Techniques | 447 | T1547.001 | |
Details | MITRE ATT&CK Techniques | 80 | T1574.001 | |
Details | MITRE ATT&CK Techniques | 3 | T1627.001 | |
Details | MITRE ATT&CK Techniques | 541 | T1140 | |
Details | MITRE ATT&CK Techniques | 491 | T1071.001 | |
Details | MITRE ATT&CK Techniques | 48 | T1218.007 | |
Details | MITRE ATT&CK Techniques | 204 | T1036.005 | |
Details | MITRE ATT&CK Techniques | 24 | T1036.007 | |
Details | MITRE ATT&CK Techniques | 1075 | T1082 | |
Details | MITRE ATT&CK Techniques | 145 | T1573.001 | |
Details | MITRE ATT&CK Techniques | 114 | T1132.001 | |
Details | MITRE ATT&CK Techniques | 163 | T1102 | |
Details | Url | 7 | https://getfiledown.com/utdkt | |
Details | Url | 6 | https://versaillesinfo.com/brjwcabz | |
Details | Url | 6 | https://lifeyomi.com/trkziu | |
Details | Url | 6 | https://lebohdc.com/uleuodmm | |
Details | Url | 6 | https://cdn7s65.z13.web.core.windows.net | |
Details | Url | 6 | https://edupro4.z13.web.core.windows.net | |
Details | Url | 6 | https://elevateecom.com/deqcehfg | |
Details | Url | 6 | https://vabercoach.com/uenic | |
Details | Url | 6 | https://artbykathrynmorin.com/lczjnmum | |
Details | Url | 3 | https://tria.ge/240803-bmgessseme/behavioral1/analog?q=ldevice&image=c:\users\admin\appdata\local\apgfrwbjwqd\ldevicedetectionhelper.exe | |
Details | Yara rule | 4 | APT_CN_RedDelta_Nim_Loader_DEC23 (rule text below) | |
Details | Yara rule | 4 | APT_CN_RedDelta_Nim_Loader_Aug24 (rule text below) | |
Details | Yara rule | 3 | APT_CN_RedDelta_MSI_Aug24 (rule text below) | |
Details | Yara rule | 2 | APT_CN_RedDelta_LNK_Oct23 (rule text below) | |
Yara rules

```yara
import "pe"

rule APT_CN_RedDelta_Nim_Loader_DEC23 {
    meta:
        author = "JGrosfelt, Insikt Group, Recorded Future"
        date = "2023-12-21"
        description = "Detects RedDelta RC4 Implementation in Nim Loaders"
        version = "1.0"
        RF_THREATACTOR = "RedDelta"
        RF_THREATACTOR_ID = "en_T6N"
    strings:
        // Byte pattern of the RC4 key-stream XOR loop in the Nim loader
        $s1 = { 8B 8D E0 FB FF FF 89 F2 32 54 3B 08 0F BE D2 E8 ?? ?? ?? ?? 89 85 E0 FB FF FF 89 F8 83 C0 01 89 C7 0F }
    condition:
        // "MZ" header (PE file) and the RC4 loop pattern
        (uint16(0) == 0x5a4d) and $s1
}
```

```yara
import "pe"

rule APT_CN_RedDelta_Nim_Loader_Aug24 {
    meta:
        author = "MGUT, Insikt Group, Recorded Future"
        date = "2024-09-06"
        description = "Detects RedDelta MSI files used to load PlugX via DLL hijacking"
        version = "1.0"
        hash = "49c32f39d420b836a2850401c134fece4946f440c535d4813362948c2de3996f"
        hash = "c5aa22163eb302ef72c553015ae78f1efe79e0167acad10047b0b25844087205"
        RF_THREATACTOR = "RedDelta"
        RF_THREATACTOR_ID = "en_T6N"
    strings:
        $func = "winimConverterVarObjectToPtrObject"
    condition:
        // "MZ" header read big-endian, small PE exporting exactly the two
        // functions of a hid.dll look-alike built with Nim
        uint16be(0) == 0x4d5a and filesize < 500KB and
        pe.number_of_exports == 2 and
        pe.exports("HidD_GetHidGuid") and
        pe.exports("NimMain") and
        $func
}
```

```yara
rule APT_CN_RedDelta_MSI_Aug24 {
    meta:
        author = "MGUT, Insikt Group, Recorded Future"
        date = "2024-09-06"
        description = "Detects RedDelta MSI files used to load PlugX via DLL hijacking"
        version = "1.0"
        hash = "30fbf917d0a510b8dac3bacb0f4948f9d55bbfb0fa960b07f0af20ba4f18fc19"
        hash = "2d884fd8cfa585adec7407059064672d06a6f4bdc28cf4893c01262ef15ddb99"
        RF_THREATACTOR = "RedDelta"
        RF_THREATACTOR_ID = "en_T6N"
    strings:
        $s1 = "TARGETDIR[%LOCALAPPDATA]"
        $s2 = "\\LDeviceDetectionHelper.exe"
        $s3 = "hid.dll"
    condition:
        // OLE compound-file header (MSI container) and all three strings
        uint32be(0) == 0xd0cf11e0 and all of them
}
```

```yara
rule APT_CN_RedDelta_LNK_Oct23 {
    meta:
        author = "Mkelly, Insikt Group, Recorded Future"
        date = "2023-10-13"
        description = "Detects RedDelta LNK files used to retrieve and install .msi files via Powershell"
        version = "1.0"
        hash = "a0a3eeb6973f12fe61e6e90fe5fe8e406a8e00b31b1511a0dfe9a88109d0d129"
        hash = "74f3101e869cedb3fc6608baa21f91290bb3db41c4260efe86f9aeb7279f18a1"
        RF_THREATACTOR = "RedDelta"
        RF_THREATACTOR_ID = "en_T6N"
    strings:
        // PowerShell fragments embedded as UTF-16 in the shortcut target
        $s1 = "install.InstallProduct" wide
        $s2 = "install=New-Object" wide
        $s3 = "install.uilevel = 2" wide
        $s4 = "REMOVE=ALL" wide
    condition:
        // LNK header size field 0x4C and at least three of the fragments
        uint16(0) == 0x004c and filesize < 5MB and 3 of them
}
```