GreenCharlie Infrastructure Linked to US Political Campaign Targeting
Aug. 21, 2024, 11 a.m.
Description
An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group associated with Mint Sandstorm, Charming Kitten, and APT42. The group persistently targets US political and governmental entities through sophisticated phishing operations involving malware like GORBLE and POWERSTAR. Their infrastructure employs dynamic DNS providers and deceptive domain themes to facilitate phishing attacks. Recorded Future's Network Intelligence identified Iran-based IP addresses communicating with GreenCharlie's infrastructure, further suggesting Iranian involvement in these operations.
Date
- Created: Aug. 21, 2024, 10:48 a.m.
- Published: Aug. 21, 2024, 10:48 a.m.
- Modified: Aug. 21, 2024, 11 a.m.
Indicators
Additional Information
- Technology
- Government
- United States of America