GreenCharlie Infrastructure Linked to US Political Campaign Targeting

Aug. 21, 2024, 11 a.m.

Description

An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group associated with Mint Sandstorm, Charming Kitten, and APT42. The group persistently targets US political and governmental entities through sophisticated phishing operations involving malware like GORBLE and POWERSTAR. Their infrastructure employs dynamic DNS providers and deceptive domain themes to facilitate phishing attacks. Recorded Future's Network Intelligence identified Iran-based IP addresses communicating with GreenCharlie's infrastructure, further suggesting Iranian involvement in these operations.

Date

Published: Aug. 21, 2024, 10:48 a.m.
Created: Aug. 21, 2024, 10:48 a.m.
Modified: Aug. 21, 2024, 11 a.m.

Indicators

Attack Patterns

GORBLE

POWERSTAR

GreenCharlie

T1591

T1568

T1588

T1608

T1199

T1598

T1489

T1486

T1203

T1204

T1566

T1090

Additional Information

Technology

Government

United States of America